Re: Superuser without pg_hba could drop database
From | Dave Page |
---|---|
Subject | Re: Superuser without pg_hba could drop database |
Date | |
Msg-id | AANLkTinz4QKb1JsyqVX=GS8W8n21FcyRwyQd1kC9t8YF@mail.gmail.com |
In reply to | Re: Superuser without pg_hba could drop database (Mudy Situmorang <mudy@astasolusi.com>) |
List | pgadmin-support |
On Thu, Jul 29, 2010 at 8:15 AM, Mudy Situmorang <mudy@astasolusi.com> wrote:
> psql runs only from the server, while pgAdmin (which is a standard
> installation in PostgreSQL for windows) easily installed in any clients.

Incorrect. psql, like pretty much any PostgreSQL client, can run on any machine and connect to a remote server.

> In a network with several different projects & many databases that requires
> dozens of superuser, pg_hba could provide the required access control.

No, that's not the way to set it up - a superuser can always drop a database, regardless of pg_hba.conf. You should make roles database owners rather than superusers to give them control of individual databases only.

> In this bug, when one superuser password compromised, then all database can
> be dropped from any clients using pgAdmin.
> IMO this is a major security problem on pgAdmin software.

Real security problems like this are *never* in the client software, always in the server. If the security was implemented in pgAdmin, then it would be trivial for an attacker to bypass by writing their own client, or recompiling pgAdmin without the security check.

But, this is not a security issue as noted above...

--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise Postgres Company
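The following SQL is an added illustration of the setup Dave Page recommends in the reply above; it is not part of the thread and not code from the pgAdmin or PostgreSQL projects. It shows a non-superuser role being made the owner of a single database, so that it can drop or alter only that database, and a query an administrator can use to check which roles actually hold superuser privilege. The role and database names (`project_a`, `project_a_owner`, `app_reader`) and the password are assumed placeholders.

```sql
-- Added example, not from the mailing-list thread.
-- Assumed names: project_a, project_a_owner, app_reader (placeholders).

-- A plain login role: no SUPERUSER, no CREATEDB, no CREATEROLE.
CREATE ROLE project_a_owner LOGIN PASSWORD 'change-me';   -- placeholder password

-- Ownership, not superuser status, is what grants control of this one database.
-- The owner may DROP or ALTER project_a but has no such power over other databases.
CREATE DATABASE project_a OWNER project_a_owner;

-- Check the role really is not a superuser (rolsuper must be f).
SELECT rolname, rolsuper, rolcreatedb
  FROM pg_roles
 WHERE rolname = 'project_a_owner';

-- Defender's audit: list every role that can bypass all per-database controls.
-- Anything here beyond the bootstrap superuser deserves a justification.
SELECT rolname FROM pg_roles WHERE rolsuper;

-- Contrast: a role that owns nothing is refused, whatever pg_hba.conf allows.
CREATE ROLE app_reader LOGIN PASSWORD 'change-me';        -- placeholder password
-- Connected as app_reader:
--   DROP DATABASE project_a;
--   ERROR:  must be owner of database project_a
```

The pg_hba.conf file still matters for deciding which hosts and users may open a connection at all, but as the reply points out it cannot limit what a superuser does once connected; keeping superuser membership to the bootstrap account and using ownership (or explicit GRANTs) for everything else is the control that actually scopes damage when one credential leaks.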