Re: Why is ALLOW_ABSOLUTE_DBPATHS unsafe?
| От | murphy pope |
|---|---|
| Тема | Re: Why is ALLOW_ABSOLUTE_DBPATHS unsafe? |
| Дата | |
| Msg-id | F35Elit7vjMswbiks7D00013599@hotmail.com обсуждение исходный текст |
| Ответ на | Why is ALLOW_ABSOLUTE_DBPATHS unsafe? ("murphy pope" <pope_murphy@hotmail.com>) |
| Список | pgsql-general |
Thanks Thomas. >>Maybe I'm just not devious enough, but I can't figure out what the risks >>are. Can anyone enlighten me? > >Security issues include allowing non-privileged users access to >uncontrolled areas of storage. A devious non-privileged user might be >able to execute privileged code or otherwise mess around with data. Oh, because the DBPATH directory and files will be created by and owned by user postgres instead of the actual user, right? >Data integrity issues include having the DBA lose control over *where* >data in the database is actually located. If a user decides to configure >some tables under /tmp, the DBA will have no way of knowing and will >have no opportunity to help plan the data storage strategy for his >system. I'm not sure that's completely true, but maybe that's because I haven't played with alternate locations enough. Can't you look at the dbpath column pg_database to find out where all databases are located? I realize that you have to *know* to look there. _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com
В списке pgsql-general по дате отправления: