| From: | PG Doc comments form <noreply(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-docs(at)lists(dot)postgresql(dot)org |
| Cc: | cc(at)sse-ag(dot)ch |
| Subject: | Potential vuln in example for "F.25.1.1. digest()" |
| Date: | 2021-08-17 16:11:53 |
| Message-ID: | 162921671324.1653.2466671901617491685@wrigleys.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/13/pgcrypto.html
Description:
Hi,
in "F.25.1.1. digest()" you suggest:
CREATE OR REPLACE FUNCTION sha1(bytea) returns text AS $$
SELECT encode(digest($1, 'sha1'), 'hex')
$$ LANGUAGE SQL STRICT IMMUTABLE;
While this is a great example, it may expose a database app to
vulnerabilities if the attacker succeeds in overriding the function
sha1(...) in the app's user context (schema). This may or may not require
administrative privileges.
Explicitly putting it into the "postgres" schema and calling it using
"postgres.sha1(...)" could mitigate the risk in such a way that
administrative privileges are required.
Do you have an even better solution to secure it?
:-) Beat
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2021-08-17 18:06:34 | Re: Potential vuln in example for "F.25.1.1. digest()" |
| Previous Message | David G. Johnston | 2021-08-10 03:40:20 | Re: incorrect information in documentation |