Re: Worst case scenario of a compromised non super-user PostgreSQL user account

From: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Worst case scenario of a compromised non super-user PostgreSQL user account
Date: 2011-02-21 12:51:35
Message-ID: 20110221125134.GA32224@shinkuro.com
Lists: pgsql-general

On Mon, Feb 21, 2011 at 10:44:05AM +0300, Allan Kamau wrote:

> A web application requires a dedicated PostgreSQL database in which to
> create tables and other database objects and manipulate data within
> this single database.

Why does the web application need to create tables?

I usually prefer to have two accounts: one owns the objects, and
another that has INSERT/DELETE/UPDATE and so on permissions.

If the application is creating tables, you might want to ask yourself why.

Other than that, what others said.

A

--
Andrew Sullivan
ajs(at)crankycanuck(dot)ca
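
The two-account split described in the message above, sketched as an added example that is not part of the original post: one role owns the objects and runs DDL, and the role the web application logs in as holds only DML rights. The database `appdb`, the roles `app_owner` and `app_web`, the schema `app` and the table `orders` are hypothetical names; the script assumes PostgreSQL 9.0 or later (for `ALTER DEFAULT PRIVILEGES`) and a superuser session connected to `appdb`.

```sql
-- Hypothetical names throughout; passwords are placeholders.
-- Owner role: used only for schema migrations, never by the web application.
CREATE ROLE app_owner LOGIN PASSWORD 'CHANGE_ME_OWNER'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;
-- Runtime role: the account the web application connects as.
CREATE ROLE app_web LOGIN PASSWORD 'CHANGE_ME_WEB'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Remove the default CONNECT/TEMP grant to PUBLIC, then allow only these two roles in.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_owner, app_web;

-- Stop arbitrary roles from creating objects in the public schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- All application objects live in a schema owned by app_owner.
-- app_web gets USAGE (may reference objects) but not CREATE (may not add any).
CREATE SCHEMA app AUTHORIZATION app_owner;
GRANT USAGE ON SCHEMA app TO app_web;

-- Anything app_owner creates in schema app later is granted to app_web as DML only.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA app
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_web;
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA app
    GRANT USAGE, SELECT ON SEQUENCES TO app_web;

-- Migration step, performed as the owner role.
SET ROLE app_owner;
CREATE TABLE app.orders (
    id       serial PRIMARY KEY,
    customer text NOT NULL,
    total    numeric(10,2) NOT NULL
);
RESET ROLE;

-- Audit query: what the runtime role can and cannot do.
SELECT has_table_privilege('app_web', 'app.orders', 'INSERT')   AS may_write_rows,
       has_table_privilege('app_web', 'app.orders', 'TRUNCATE') AS may_truncate,
       has_schema_privilege('app_web', 'app', 'CREATE')         AS may_create_objects,
       has_database_privilege('app_web', 'appdb', 'TEMP')       AS may_create_temp_tables;

-- Ownership check: every table in the schema should belong to app_owner, not app_web.
SELECT schemaname, tablename, tableowner
FROM pg_tables
WHERE schemaname = 'app';
```

With this layout a compromised `app_web` credential can read and change rows in `app` but cannot create, alter or drop objects, since those rights stay with the owner of each object.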
