| From: | Jochem van Dieten <jochemd(at)oli(dot)tudelft(dot)nl> |
|---|---|
| To: | Scott Gammans <nospam_deepgloat(at)yahoo(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Is there any such thing as PostgreSQL security on a |
| Date: | 2002-07-29 13:40:06 |
| Message-ID: | 3D4545B6.1000502@oli.tudelft.nl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Scott Gammans wrote:
>
> What is to stop a company that is hosting my
> PostgreSQL-enabled website from changing my
> pg_hba.conf file to "TRUST" so that they can go in and
> snoop around my online PostgreSQL databases?
Nothing.
> My website is currently being hosted by a company that
> includes 10 PostgreSQL databases, but they do not
> allow me superuser access (the hosting company issues
> me a PostgreSQL userid/password that does not have
> "CREATEDB" privileges) and I am also on a shared
> instance of PostgreSQL with other users (I can see
> their userids from the phpPgAdmin tool).
>
> This seemed like an obvious security breach
Why? Others can see you, but they can't touch you. The only ones that
can touch you are the superusers, i.e. the hosting company. But they can
do that anyway since they have physical access to that machine.
Jochem
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Markus Wollny | 2002-07-29 13:41:46 | tsearch - Regression tests fail |
| Previous Message | Richard Huxton | 2002-07-29 12:58:52 | Re: Limit on updates made in a transaction |