| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Jan Bilek <jan(dot)bilek(at)eftlab(dot)com(dot)au>, Christophe Pettus <xof(at)thebuild(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: PCI:SSF - Safe SQL Query & operators filter |
| Date: | 2022-11-08 07:03:39 |
| Message-ID: | 96d54b77e1584463cc1c12e1a3ed6870063916b2.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Tue, 2022-11-08 at 04:14 +0000, Jan Bilek wrote:
> I know it is not exactly what you suggested (and agreeing a lot with our
> app user shouldn't be running as superuser), but as all other inputs
> from our application come sanitized through bind and this is the only
> way where user can send an explicit command in there - I think it should do!
>
> Please let me know if you approve.
I strongly disapprove, and any security audit you pass with such a setup
is worthless. I repeat: the application does not need to connect with
a superuser.
I don't understand what you want to demonstrate with the code samples, or
what you mean when you say that "the user can send an explicit command".
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2022-11-08 07:10:23 | Re: Segmentation Fault PG 14 |
| Previous Message | Ashesh Vashi | 2022-11-08 04:15:55 | Re: My account was locked in pgadmin4 |