> Does the application really need superuser privileges or is that
> just a convenience? It's usually a good idea to follow the "Principle
> of Least Privilege" -- do some searches on that phrase to learn
> more about it and the rationale for following it.
> Whether this approach is "secure and better" depends on the application
> requirements, the threat model, how well the application is written,
> etc. As Bruno pointed out, if users have enough access to the
> system that they could discover the account name and password, then
> they could easily bypass the application's security. Another
> potential problem is SQL injection: if the application isn't careful
> with how it handles user input, then specially-crafted data could
> result in the pre-defined queries doing more than intended. You'll
> have to evaluate the risks and benefits of the various approaches
> in the context of your own environment; there's no universal "this
> way is better" answer.
My application is general purpose accounting and sales application. If
database does not exists, it prompts user and creates new database containig
some hundreds of tables and
upsizes local data to database.
Each database can have a lot of schemas. Each schema represents a single
company. All those schemas have exactly the same tables, each schema
contains 80 tables.
In public schema I store tables common for all companies (60 tables).
So I seems that my application needs to be run with super-user privileges in
Postgres.
Andrus
