| From: | ohp(at)pyrenet(dot)fr |
|---|---|
| To: | pgsql-hackers list <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | security flaw |
| Date: | 2003-06-07 18:04:28 |
| Message-ID: | Pine.UW2.4.53.0306071957510.19414@server.pyrenet.fr |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi all,
I wonder if it's a security problem: One of my customer noticed that he
could see all databases on the system with phppgadmin. not only he sees
databases but tables, views, fonctions... Fortunatly he can't see any row.
This customer has the ability to create databases but not users.
I wonder if the super_user privilege should be separated from the
priviledge of creating databases/users.
I alose think that only a superuser should list databases and objects.
What do you think?
Regards
--
Olivier PRENANT Tel: +33-5-61-50-97-00 (Work)
Quartier d'Harraud Turrou +33-5-61-50-97-01 (Fax)
31190 AUTERIVE +33-6-07-63-80-64 (GSM)
FRANCE Email: ohp(at)pyrenet(dot)fr
------------------------------------------------------------------------------
Make your life a dream, make your dream a reality. (St Exupery)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | James Pye | 2003-06-07 18:17:03 | FROM ONLY limitation in RICs |
| Previous Message | Bruce Momjian | 2003-06-07 16:33:10 | Re: Proposal to Re-Order Postgresql.Conf, part II |