Re: Manage PostgreSQL Database for GITLAB Application? - Mailing list pgsql-general

From Stephen Frost
Subject Re: Manage PostgreSQL Database for GITLAB Application?
Date
Msg-id 20190121185300.GZ2528@tamriel.snowman.net
In response to Manage PostgreSQL Database for GITLAB Application?  ("Hilbert, Karin" <ioh1@psu.edu>)
Responses Re: Manage PostgreSQL Database for GITLAB Application?
List pgsql-general
Greetings,

* Hilbert, Karin (ioh1@psu.edu) wrote:
> Does anyone manage a PostgreSQL database for a GITLAB application?

Yes.

> I have PostgreSQL v9.6 installed on my server & we are trying to migrate a GITLAB database there.
>
> The developer says that we need to use the public schema instead of the schema of the same name as the application user.

Not sure this is really required but it also shouldn't hurt anything
really- I'd definitely have the database be dedicated to gitlab.

> The schema that he provided me to restore also is revoking all privileges from the database owner & instead granting all privileges to PUBLIC.

That's terrible.

> Has anyone else run across this?  I always thought that granting privileges to PUBLIC is a bad security thing to do?

Yes, that's bad from a security perspective and shouldn't be necessary.
GRANT rights to the user(s) the application logs into, don't just grant
them to PUBLIC- that would allow anyone on the system to have access.

> If anyone can offer any thoughts regarding this, it would be greatly appreciated.

Is this developer the only one who is going to be using this gitlab
instance..?  Sounds like maybe they want direct database access which
would only make sense if they're the one running it and should have full
access- but even then, I'd create a role and grant access to that role
and then grant them that role, if that's the requirement.  GRANT'ing
things to public isn't a good idea if you're at all concerned about
security.

Thanks!

Stephen
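
The approach described in the reply above, sketched as an added example that is not part of the original message or of GitLab's own schema: remove the PUBLIC grants, grant to the application's login role, and route a person's direct access through a group role. The database name `gitlabhq_production` and the roles `gitlab`, `gitlab_dba` and `dev_user` are assumed names; run it as a superuser while connected to that database.

```sql
-- Assumed names (not from the thread): database gitlabhq_production,
-- application login role gitlab, group role gitlab_dba, person's login dev_user.

BEGIN;

-- 1. Remove what the restored schema handed to PUBLIC (every role on the cluster).
REVOKE ALL ON DATABASE gitlabhq_production FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM PUBLIC;
REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM PUBLIC;

-- 2. Grant to the role the application actually logs in as.
GRANT CONNECT ON DATABASE gitlabhq_production TO gitlab;
GRANT USAGE, CREATE ON SCHEMA public TO gitlab;
GRANT ALL ON ALL TABLES IN SCHEMA public TO gitlab;
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO gitlab;

-- 3. Direct access for a person goes through a group role, so it can be
--    withdrawn with a single REVOKE gitlab_dba FROM dev_user.
CREATE ROLE gitlab_dba NOLOGIN;
GRANT CONNECT ON DATABASE gitlabhq_production TO gitlab_dba;
GRANT USAGE ON SCHEMA public TO gitlab_dba;
GRANT SELECT, INSERT, UPDATE, DELETE
    ON ALL TABLES IN SCHEMA public TO gitlab_dba;
GRANT gitlab_dba TO dev_user;

COMMIT;

-- 4. Verify. This should return no rows once the table grants are gone.
SELECT table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'PUBLIC' AND table_schema = 'public';

-- In the ACL columns, an entry that starts with "=" (empty grantee)
-- is a grant to PUBLIC; none should remain on these two objects.
SELECT nspname, nspacl FROM pg_namespace WHERE nspname = 'public';
SELECT datname, datacl FROM pg_database
WHERE datname = 'gitlabhq_production';
```

`GRANT ... ON ALL TABLES` covers only objects that exist when it runs; tables created later need their own grants or `ALTER DEFAULT PRIVILEGES`.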
