security flaw - Mailing list pgsql-hackers

From ohp@pyrenet.fr
Subject security flaw
Date
Msg-id Pine.UW2.4.53.0306071957510.19414@server.pyrenet.fr
Responses Re: security flaw  (Robert Treat <xzilla@users.sourceforge.net>)
Re: security flaw  ("scott.marlowe" <scott.marlowe@ihs.com>)
List pgsql-hackers
Hi all,

I wonder if it's a security problem: One of my customers noticed that he
could see all databases on the system with phppgadmin. Not only does he see
databases but tables, views, functions... Fortunately he can't see any row.

This customer has the ability to create databases but not users.
I wonder if the super_user privilege should be separated from the
privilege of creating databases/users.

I also think that only a superuser should list databases and objects.

What do you think?

Regards

-- 
Olivier PRENANT             Tel:    +33-5-61-50-97-00 (Work)
Quartier d'Harraud Turrou           +33-5-61-50-97-01 (Fax)
31190 AUTERIVE                      +33-6-07-63-80-64 (GSM)
FRANCE                      Email: ohp@pyrenet.fr
------------------------------------------------------------------------------
Make your life a dream, make your dream a reality. (St Exupery)

