Re: Is there any such thing as PostgreSQL security on a - Mailing list pgsql-general

From Jochem van Dieten
Subject Re: Is there any such thing as PostgreSQL security on a
Msg-id 3D4545B6.1000502@oli.tudelft.nl
In response to Is there any such thing as PostgreSQL security on a hosted website?  ("Scott Gammans" <nospam_deepgloat@yahoo.com>)
List pgsql-general
Scott Gammans wrote:
>
> What is to stop a company that is hosting my
> PostgreSQL-enabled website from changing my
> pg_hba.conf file to "TRUST" so that they can go in and
> snoop around my online PostgreSQL databases?

Nothing.


> My website is currently being hosted by a company that
> includes 10 PostgreSQL databases, but they do not
> allow me superuser access (the hosting company issues
> me a PostgreSQL userid/password that does not have
> "CREATEDB" privileges) and I am also on a shared
> instance of PostgreSQL with other users (I can see
> their userids from the phpPgAdmin tool).
>
> This seemed like an obvious security breach

Why? Others can see you, but they can't touch you. The only ones that
can touch you are the superusers, i.e. the hosting company. But they can
do that anyway since they have physical access to that machine.

Jochem
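
An added example, not part of the original message: a small Python check that lists every pg_hba.conf rule using the trust method, for anyone who can read the file on the server. The sample file contents and the name trust_entries are constructed for illustration; quoted fields and include directives are assumed absent.

```python
# Record types in pg_hba.conf; "local" rules have no address field.
RECORD_TYPES = {"local", "host", "hostssl", "hostnossl",
                "hostgssenc", "hostnogssenc"}

# Constructed sample, not taken from any real server.
SAMPLE = """\
# TYPE  DATABASE  USER   ADDRESS        METHOD
local   all       postgres              peer
local   all       all                   trust
host    all       all    127.0.0.1/32   md5
host    shopdb    scott  192.168.0.0 255.255.255.0 trust
hostssl all       all    0.0.0.0/0      scram-sha-256
host    all       all    ::1/128        trust  # loopback v6
"""

def trust_entries(text):
    """Return (line_no, type, database, user, address) for each trust rule."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Drop comments, then split on whitespace (assumes no quoted fields).
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] not in RECORD_TYPES:
            continue
        if fields[0] == "local":
            address, method_idx = "local socket", 3
        elif len(fields) > 4 and any(c in fields[4] for c in ".:"):
            # Older form: IP address and netmask as two separate fields.
            address, method_idx = " ".join(fields[3:5]), 5
        else:
            address, method_idx = (fields[3] if len(fields) > 3 else ""), 4
        if len(fields) <= method_idx:
            continue  # malformed rule, no method field present
        if fields[method_idx] == "trust":
            findings.append((line_no, fields[0], fields[1], fields[2], address))
    return findings

if __name__ == "__main__":
    for line_no, rtype, db, user, addr in trust_entries(SAMPLE):
        print(f"line {line_no}: {rtype} db={db} user={user} from {addr}: "
              "no password required")
```

The result only reflects the file as it was read; whoever administers the server can still change it afterwards.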

