Re: Worst case scenario of a compromised non super-user PostgreSQL user account - Mailing list pgsql-general

From Andrew Sullivan
Subject Re: Worst case scenario of a compromised non super-user PostgreSQL user account
Date
Msg-id 20110221125134.GA32224@shinkuro.com
In response to Worst case scenario of a compromised non super-user PostgreSQL user account  (Allan Kamau <kamauallan@gmail.com>)
List pgsql-general
On Mon, Feb 21, 2011 at 10:44:05AM +0300, Allan Kamau wrote:

> A web application requires a dedicated PostgreSQL database in which to
> create tables and other database objects and manipulate data within
> this single database.

Why does the web application need to create tables?

I usually prefer to have two accounts: one owns the objects, and
another that has INSERT/DELETE/UPDATE and so on permissions.

If the application is creating tables, you might want to ask yourself why.

Other than that, what others said.

A


--
Andrew Sullivan
ajs@crankycanuck.ca
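
The two-account split described in the message above, written out for PostgreSQL as an added example that is not part of the original post. The role names `app_owner` and `app_rw`, the database `appdb` and the schema `app` are hypothetical; it assumes PostgreSQL 9.0 or later (for `ALTER DEFAULT PRIVILEGES`), an existing database `appdb`, and a superuser session connected to it.

```sql
-- Hypothetical names throughout: app_owner, app_rw, appdb, app.
-- Set credentials separately (e.g. \password in psql); none are embedded here.

-- Owner role: owns the objects, used only for DDL / schema migrations.
CREATE ROLE app_owner LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;
-- Runtime role: the account the web application connects as.
CREATE ROLE app_rw LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Remove the implicit grants every role inherits through PUBLIC.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_owner, app_rw;

-- All application objects live in a schema owned by the owner role.
CREATE SCHEMA app AUTHORIZATION app_owner;

-- Runtime role may reference objects in the schema, but not create any.
GRANT USAGE ON SCHEMA app TO app_rw;

-- Data-manipulation rights on tables and sequences that already exist.
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA app TO app_rw;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA app TO app_rw;

-- Same rights, applied automatically to objects app_owner creates later.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA app
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_rw;
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA app
    GRANT USAGE, SELECT ON SEQUENCES TO app_rw;

-- Audit what the runtime role could do if its credentials leaked:
-- object creation and temp-table rights are the ones to watch.
SELECT has_schema_privilege('app_rw', 'app',    'CREATE') AS create_in_app,
       has_schema_privilege('app_rw', 'public', 'CREATE') AS create_in_public,
       has_database_privilege('app_rw', 'appdb', 'CREATE') AS create_schema_in_db,
       has_database_privilege('app_rw', 'appdb', 'TEMP')   AS create_temp_tables;

-- List any objects the runtime role owns; ownership implies DROP and ALTER.
SELECT n.nspname AS schema, c.relname AS object, c.relkind
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_roles r     ON r.oid = c.relowner
WHERE r.rolname = 'app_rw';
```

With this layout a compromised `app_rw` account can still read and modify rows, so the split limits structural damage (dropping or altering objects) rather than data exposure.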
