| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com> |
| Cc: | PG-General Mailing List <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Limiting DB access by role after initial connection? |
| Date: | 2017-06-11 19:15:55 |
| Message-ID: | 20170611191555.GA26280@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Fri, Jun 09, 2017 at 21:14:15 -0700,
Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com> wrote:
>On Fri, Jun 9, 2017 at 5:38 PM, Bruno Wolff III <bruno(at)wolff(dot)to> wrote:
>
>Seems to me they are separate issues. App currently has access to the
>password for accessing the DB. (Though I could change that to ident access
>and skip the password.) App 1) connects to the DB, 2) authenticates the
>user (within the app), then 3) proceeds to process input, query the DB,
>produce output. If step 2A becomes irrevocably changing to a site-specific
>role, then at least I know that everything that happens within 3 can't
>cross the limitations of per-site access. If someone can steal my password
>or break into my backend, that's a whole separate problem that already
>exists both now and in this new scenario.
In situations where a person has enough access to the app (e.g. it is a
binary running on their desktop) to do spurious role changes, they likely
have enough acces to hijack the database connection before privileges
are dropped.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Kerber | 2017-06-11 19:52:54 | Re: Huge Pages - setting the right value |
| Previous Message | Pavel Stehule | 2017-06-11 17:18:48 | Re: Inconsistent performance with LIKE and bind variable on long-lived connection |