Re: Sample pg_hba.conf allows local users to access all databases
From: William Edwards
Subject: Re: Sample pg_hba.conf allows local users to access all databases
Date:
Msg-id: 54edc22f9addec5fcb8ea8190274cf06@cyberfusion.nl
In reply to: Re: Sample pg_hba.conf allows local users to access all databases ("David G. Johnston" <david.g.johnston@gmail.com>)
List: pgsql-general
Hi David,

David G. Johnston wrote on 2023-08-01 19:35:
> On Tue, Aug 1, 2023 at 10:13 AM William Edwards
> <wedwards@cyberfusion.nl> wrote:
>
>> This allows all local users connecting over TCP to access all databases,
>> not only the databases that the user is a member of as one might expect.
>>
>> Proof that user is able to access database that it is not a member of is
>> below.
>
> Roles do not gain membership in databases.

I mixed up \du and \l output (the latter has a 'Member of' column) because I used identical names for some roles and databases. Sorry for the confusion.

> Roles can be granted
> permissions on databases (mainly CONNECT). And all roles, via PUBLIC,
> get connect privileges on all databases by default. So the
> pg_hba.conf entry is not causing something to happen against the
> wishes of the privileges system.
>
> https://www.postgresql.org/docs/current/ddl-priv.html
>
> And yes, this is a usability vs secure-by-default that hasn't seen
> enough complaint to take on changing the default.

Understood - records in pg_hba.conf limit access preemptively during client authentication and do not control privileges.

For completeness' sake: from what I understand, with default privileges, this does allow users to manipulate and read objects in any 'public' schema pre PostgreSQL 15.x (https://www.postgresql.org/docs/15/release-15.html E.4.2).

> David J.

Kind regards,

William Edwards
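The two layers discussed in the thread (pg_hba.conf deciding who may authenticate, the privilege system deciding what an authenticated role may do) are easiest to see side by side. The following is an added example, not code from the thread or from the PostgreSQL project; the database name app_db, the role app_user and the 127.0.0.1/32 client address are assumptions chosen for illustration. The pg_hba.conf lines appear as comments because they live in that file, not in SQL.

```sql
-- pg_hba.conf (file, not SQL): the sample entry discussed in the thread lets
-- any OS user on the host reach every database, because the privilege check
-- that follows authentication grants CONNECT to PUBLIC by default:
--   host    all        all        127.0.0.1/32   scram-sha-256
-- A narrower entry limits which role/database pairs even reach authentication
-- (assumed names app_db / app_user):
--   host    app_db     app_user   127.0.0.1/32   scram-sha-256

-- 1. Inspect the privilege layer: which non-template databases can the
--    assumed role app_user connect to right now? With default privileges
--    every row reports true, because PUBLIC holds CONNECT.
SELECT datname,
       has_database_privilege('app_user', datname, 'CONNECT') AS can_connect
FROM   pg_database
WHERE  NOT datistemplate
ORDER  BY datname;

-- 2. Make CONNECT opt-in for app_db. REVOKE applies to one database at a
--    time; repeat it for each database that should not be world-connectable.
REVOKE CONNECT ON DATABASE app_db FROM PUBLIC;
GRANT  CONNECT ON DATABASE app_db TO app_user;

-- 3. Pre-PostgreSQL 15 hardening mentioned in the reply: PUBLIC has CREATE on
--    the public schema, so any role that can connect can create objects there.
--    Run this inside app_db. Running it inside template1 as well makes new
--    databases created from template1 inherit the tightened schema ACL.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 4. Re-check from the perspective of app_user after the changes above;
--    superusers and the database owner still report true, which is expected.
SELECT has_database_privilege('app_user', 'app_db', 'CONNECT') AS can_connect,
       has_schema_privilege('app_user', 'public', 'CREATE')     AS can_create;
```

Both layers are needed: a tightened pg_hba.conf alone does nothing for connections that arrive through a broader entry (for example a Unix-socket line), and the REVOKE alone still lets every local OS user reach the authentication step. Note that has_database_privilege() reports true for superusers regardless of the ACL, so check with an ordinary role.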