Re: initdb crash

From Gary Doades
Subject Re: initdb crash
Date
Msg-id 40E80B98.18480.E33B710@localhost
In reply to Re: initdb crash  ("Magnus Hagander" <mha@sollentuna.net>)
Responses Local Admin Priveleges (was Re: initdb crash)  (John Meinel <john@johnmeinel.com>)
List pgsql-hackers-win32
On 4 Jul 2004 at 14:37, Magnus Hagander wrote:

>
> Can't run without TCPIP on win32...

It should be possible to reject anything that is not 127.0.0.1.

What about anonymous pipes? These are local only by definition. Maybe not for this
release, but maybe later?

>
> Anyway. It is a security threat in the way that it helps an indirect
> attack. Say a SQL injection attack would suddenly give you local admin
> instead of just an unpriv account. A lot better place to get started if
> you want to take over a server...

Absolutely! But...

You must have had admin privs to start the postmaster as an admin user anyway so why
is this a problem? I'm only suggesting that this would be easier for a developer on their
local system or all those folks out there who want to see what PostgreSQL can do. As
long as admin privs are restricted to the local system (by whatever means) then it should
be allowed.

You should definitely NOT be able to start postmaster with admin privs and give network
access.

Cheers,
Gary.
