| From: | Dave Page <dpage(at)pgadmin(dot)org> |
|---|---|
| To: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
| Cc: | pgadmin-hackers(at)postgresql(dot)org |
| Subject: | Re: Suggestion for pgAgent |
| Date: | 2009-11-17 18:15:32 |
| Message-ID: | 937d27e10911171015u4067ab8fjaf415207ed159a1c@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
On Tue, Nov 17, 2009 at 7:50 AM, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> wrote:
>> Sure, it's definitely an option - provided it can be done in a secure
>> way. Want to work on it?
>
> I should be able to change pgAgent accordingly, but I am not an
> accomplished GUI programmer and have no experience with wxWidgets,
> so I don't want to promise that I can do the necessary modifications
> in pgAdmin.
We can help with that. It should be fairly trivial from a GUI perspective.
> Can you think of any security concerns?
Privilege escalation. Currently, pgAgent relies on the security of the
schema to prevent unauthorised users from creating jobs that run as
the pgagent operating system user (typically 'postgres'). If you leave
that as-is, and just allow a connection username to be specified, we
shouldn't have a problem, but if the schema is opened up to allow
users to schedule jobs by default, then there's potentially a big
issue.
In further thought though - why can't you just set the target database
of the step to be 'remote' and then specify a connection string with a
specified username?
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Albe Laurenz | 2009-11-18 12:24:38 | Re: Suggestion for pgAgent |
| Previous Message | Ashesh Vashi | 2009-11-17 12:35:05 | Re: PATCH(WIP): Printing Support And Save GQB/Explain as an image |