Re: Hot to restrict access to subset of data - Mailing list pgsql-general

From Dawid Kuroczko
Subject Re: Hot to restrict access to subset of data
Date
Msg-id 758d5e7f05070317077c028638@mail.gmail.com
In response to Re: Hot to restrict access to subset of data  (Gregory Youngblood <pgcluster@netio.org>)
List pgsql-general
On 7/4/05, Gregory Youngblood <pgcluster@netio.org> wrote:
> I would strongly suggest that you create a database specific user,
> one that has read/write access within this database, and that your
> application use that user instead of the pg super user.
>
> In general, the "super user" should never be used, except for
> specific administrative tasks. This holds true for Windows
> Administrator, Unix root, and postgresql's postgres users. If your
> application runs under a single user to the database, then that
> single user should be one that you create specifically for that
> purpose, and not the postgres user.

Exactly.  And the reasons are quite important also.  The PostgreSQL
superuser has the right to run insecure scripts.  Let's assume the
unlikely situation that someone finds a hole in your page which
will allow her to do some SQL injections/etc.  The "normal" user
is limited to what that user can do.  In your case, probably wipe
out much of the data.  But the superuser has the right to make scripts
which are unsafe.  In other words -- has the right to execute almost
any command in the name of the UNIX postgres user.  If the abuser is skillful,
she can run some local root exploit and gain root privileges,
assuming there is some local hole open.  When using a "normal"
user (who owns all the tables and so on; so is not limited from
the point of view of the application), it would be (much) harder for her
to gain such access.

   Regards,
      Dawid
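
The setup discussed in this thread, as an added example that is not part of the original message: a dedicated non-superuser application role, followed by audit queries for superuser logins and untrusted procedural languages. The names `app_db` and `app_rw` and the password are hypothetical placeholders, and the syntax assumes a current PostgreSQL release.

```sql
-- Added example. app_db, app_rw and the password are hypothetical placeholders.
-- Run once as an administrator while connected to app_db.

-- 1. Dedicated application role with no superuser or role/database creation rights.
CREATE ROLE app_rw LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'replace-with-a-generated-secret';

-- 2. Read/write access inside this one database only.
GRANT CONNECT ON DATABASE app_db TO app_rw;
GRANT USAGE ON SCHEMA public TO app_rw;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO app_rw;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO app_rw;

-- 3. Audit: login roles that are superusers. The application's role
--    should never appear in this list.
SELECT rolname
FROM pg_roles
WHERE rolsuper AND rolcanlogin
ORDER BY rolname;

-- 4. Audit: untrusted procedural languages installed in this database.
--    Only superusers can create functions in these, which is the
--    "unsafe scripts" capability a normal role does not have.
SELECT lanname
FROM pg_language
WHERE lanispl AND NOT lanpltrusted
ORDER BY lanname;

-- 5. Check from the application's own connection: is_superuser must be false.
SELECT current_user,
       (SELECT rolsuper FROM pg_roles WHERE rolname = current_user) AS is_superuser;
```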
