Security Implications

From: eric soroos <eric-psql(at)soroos(dot)net>
To: pgsql-novice(at)postgresql(dot)org
Subject: Security Implications
Date: 2002-08-23 16:46:26
Message-ID: 93362316.1182026510@[4.42.179.151]
Lists: pgsql-novice


Say I have a web app that is connecting to a database as an unprivileged user.
This database contains one client's data (all of it, and only that client's data). Also assume that the client is reasonably clueful and wants to do data mining above and beyond what I present through a web interface.

What damage could they do if given the ability to type in SQL queries and execute them?

Obviously they could hose their own data. They could also do expensive joins.
Can they connect to another database? Can they interact at all with the file system?

thanks

eric
