Re: Disable Save results to file button

On Wed, Nov 20, 2024 at 7:38 PM Srini Genji <srini(dot)genji(at)gmail(dot)com> wrote:

>
> This is coming mainly from security to avoid users downloading huge
> datasets containing sensitive data in to their machine
>
>
I appreciate the desire here, and it isn't unreasonable, but it is also
technically nearly impossible. If you have given a person credentials,
network access, and the relevant database permissions to see all of that
data they will be able to make a copy of it that you do not control. While
marginal improvements are possible, the cost of doing them (and available
mitigations) discourages people from working on such patches in favor of
other things.

If this is a security risk you need to mitigate in PostgreSQL you probably
need to implement a solution where the user does not directly have
credentials for the database, but asks some proxy to access the database on
their behalf (e.g., a webapp) and in that proxy you institute such
policies. I feel like some tools and extensions in this area likely exist,
though I am not personally familiar with any of them if that is so.

Yes, ideally pgAdmin, if you can otherwise lock down their machine and
prohibit any other software from being run as well as ensure their
credentials only are usable on that machine (both doable propositions I
daresay) would fill in the missing piece and provide a viewer-only option.
Or maybe just run it on a server where the local machine isn't accessible
to the user...

David J.

(p.s., this is the admin mailing list for the PostgreSQL server, not the
mailing list for the third-party pgAdmin product. If you have a
requirement to use pgAdmin you may wish to converse with that team in their
own channels.)