Re: pl/pgsql enabled by default

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Josh Berkus <josh(at)agliodbs(dot)com>
Cc: Mike Mascari <mascarm(at)mascari(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: pl/pgsql enabled by default
Date: 2005-05-08 21:48:21
Message-ID: 427E8925.9060007@dunslane.net
Lists: pgsql-hackers

Josh Berkus wrote:

>Mike,
>
>>I think most people coming from any other enterprise-class RDBMS
>>environment will be surprised that they cannot use VIEWs to provide
>>user-specific views on data. I could be wrong, but I'd put money on it...
>
>Well, I'd say that giving regular users the "create" permission on your
>database/schema is unwise, period. I don't, even when the only user is
>"phpuser". SQL injection attacks are no fun.
>
>Also, as Andrew points out, this can't be used to circumvent view-based
>security if you've set it up correctly; if the user can't "select * from
>table", then he can't write a function to "select * from table."
>

Seems it's a bit more complicated. Kris Jurka has explained to me how
one might be able to, at least theoretically. Perhaps Mike needs to do
something like:

revoke usage on language sql from public;

on his db. Then users could continue to use functions he has defined,
but not subvert things via their own functions. That will certainly go
into my list of db hardening tips and tricks.

cheers

andrew
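
The hardening discussed in this message, written out as an added example that is not part of the original email: it applies the REVOKE, removes the schema-level "create" permission Josh mentions, and then audits what is left. It assumes a current PostgreSQL release, a schema named public, and that it is run by a superuser in the database being hardened.

```sql
-- Added example, not from the original thread.

-- 1. The statement from the message: PUBLIC can no longer define
--    functions in the sql language. Functions that already exist keep
--    working, because USAGE on a language is checked when a function is
--    created, not when it is called.
REVOKE USAGE ON LANGUAGE sql FROM PUBLIC;

-- 2. Josh's point: ordinary users should not hold CREATE on the schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 3. Audit: which trusted languages can PUBLIC still use?
--    Only trusted languages can be used by non-superusers at all, so
--    untrusted ones are filtered out here. Any row with
--    public_can_use = true needs the same REVOKE as step 1.
SELECT l.lanname,
       has_language_privilege('public', l.oid, 'USAGE') AS public_can_use
FROM pg_language AS l
WHERE l.lanpltrusted
ORDER BY l.lanname;

-- 4. Audit: which non-superuser roles can still create sql functions,
--    either through a direct grant or through role membership?
SELECT r.rolname
FROM pg_roles AS r
WHERE NOT r.rolsuper
  AND has_language_privilege(r.rolname, 'sql', 'USAGE')
ORDER BY r.rolname;

-- 5. Audit: which non-superuser roles can still create objects in the
--    public schema?
SELECT r.rolname
FROM pg_roles AS r
WHERE NOT r.rolsuper
  AND has_schema_privilege(r.rolname, 'public', 'CREATE')
ORDER BY r.rolname;
```

Language and schema privileges are per database, so the statements and the audit queries have to be repeated in each database, and in template1 if newly created databases should inherit the setting.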
