From: | Andrew McMillan <andrew(at)catalyst(dot)net(dot)nz> |
---|---|
To: | eric soroos <eric-psql(at)soroos(dot)net> |
Cc: | pgsql-novice(at)postgresql(dot)org |
Subject: | Re: Security Implications |
Date: | 2002-08-24 12:18:24 |
Message-ID: | 1030191504.18299.612.camel@kant.mcmillan.net.nz |
Lists: | pgsql-novice |
On Sat, 2002-08-24 at 04:46, eric soroos wrote:
>
> Say I have a web app that is connecting to a database as an unprivileged user.
> This database contains one client's data (all of it, and only that client's data). Also assume that the client is reasonably clueful and wants to do data mining above and beyond what I present through a web interface.
>
> What damage could they do if given the ability to type in sql queries and execute them?
>
> Obviously they could hose their own data. They could also do expensive joins.
> Can they connect to another database?

Yes, but they can be required to enter passwords to do so.

> Can they interact at all with the file system?

There are some commands that can affect the filesystem, but in general
it isn't possible. The filesystem can only be affected as the user that
runs the postmaster, and this is not root in any sensible installation.
I would not trust a person with SQL command line, if I wasn't able to
trust them in general as the dba user logged locally into the box.

Cheers,
Andrew.
--
--------------------------------------------------------------------
Andrew @ Catalyst .Net.NZ Ltd, PO Box 11-053, Manners St, Wellington
WEB: http://catalyst.net.nz/ PHYS: Level 2, 150-154 Willis St
DDI: +64(4)916-7201 MOB: +64(21)635-694 OFFICE: +64(4)499-2267
Survey for free with http://survey.net.nz/
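
Added example (not part of the original message or thread): one way to bound the risks raised above, namely damaged data, expensive joins, connections to other databases and filesystem access, when handing a client an ad-hoc SQL login. It assumes a current PostgreSQL release, whose role and privilege syntax is newer than this 2002 thread; `clientdb`, `otherdb` and `client_analyst` are hypothetical names.

```sql
-- Run as a superuser. All object and role names here are hypothetical.

-- Login role with no administrative attributes. Server-side file access
-- (for example COPY to or from a file on the server) is superuser-only
-- by default, so it stays out of reach of this role.
CREATE ROLE client_analyst
    LOGIN PASSWORD 'change-me'          -- placeholder, set a real secret
    NOSUPERUSER NOCREATEDB NOCREATEROLE
    CONNECTION LIMIT 3;                 -- caps concurrent sessions

-- "Can they connect to another database?"
-- PUBLIC holds CONNECT on every database by default. Revoking it also
-- affects other ordinary roles, which then need an explicit GRANT.
REVOKE CONNECT ON DATABASE otherdb FROM PUBLIC;
REVOKE CONNECT ON DATABASE clientdb FROM PUBLIC;
GRANT  CONNECT ON DATABASE clientdb TO client_analyst;

-- "They could hose their own data."
-- Run the next statements while connected to clientdb.
-- Read access only; no INSERT/UPDATE/DELETE/TRUNCATE is granted.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT  USAGE  ON SCHEMA public TO client_analyst;
GRANT  SELECT ON ALL TABLES IN SCHEMA public TO client_analyst;

-- "They could also do expensive joins."
-- Per-role default that cancels long-running statements. A session can
-- change it with SET, so treat it as a guard rail, not a hard limit.
ALTER ROLE client_analyst SET statement_timeout = '30s';

-- Check the effective privileges, PUBLIC grants included.
SELECT has_database_privilege('client_analyst', 'otherdb',  'CONNECT') AS other_db,
       has_database_privilege('client_analyst', 'clientdb', 'CONNECT') AS client_db,
       has_schema_privilege('client_analyst', 'public', 'CREATE')      AS can_create;
```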