Re: user-based query white list

From: Andrew Chernow <ac(at)esilo(dot)com>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: Merlin Moncure <mmoncure(at)gmail(dot)com>, Hannu Krosing <hannu(at)krosing(dot)net>, Grzegorz Jaskiewicz <gj(at)pointblue(dot)com(dot)pl>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: user-based query white list
Date: 2008-12-07 17:27:27
Message-ID: 493C077F.1090509@esilo.com
Lists: pgsql-hackers

Andrew Dunstan wrote:
>
>
> Andrew Chernow wrote:
>>
>> I think what is missing is a way to deny the execution of queries that
>> don't operate on an object (like a table, sequence, role, schema,
>> etc...), OR queries not covered by the priv system. Object-based
>> queries can be locked down using the existing priv system. Not sure
>> if denying non-object related queries would work; what happens when
>> you call "SELECT NOW()" within an allowed function?
>>
>>
>
> What exactly are you trying to protect against?
>
> In general, my attitude is that databases should not allow direct access
> from untrusted sources. The API restriction you are talking about is
> something that is trivially easy to build into middleware, and only the
> middleware should be allowed access to the database.
>
> cheers
>
> andrew
>
>

Why must this be done in middleware? Middleware wouldn't be needed as
protection against untrusted sources if random queries could be denied. My
little hack in PostgresMain() made it impossible to execute queries unless they
are on a white list (there could be better ways of doing this). Now add in SSL
and verification of certificates and things are tightly nailed down; as much as
the classic application server (middleware) would be ... no?

--
Andrew Chernow
eSilo, LLC
every bit counts
http://www.esilo.com/
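
The kind of check discussed in this message, a per-role, exact-match, default-deny query white list, sketched as an added example. It is not the PostgresMain() hack mentioned above or any PostgreSQL code; `query_allowed`, `white_list`, `trim` and the sample roles and statements are hypothetical.

```c
#include <ctype.h>
#include <string.h>

/* Constructed sample policy: each role may run only these exact statements. */
struct wl_entry { const char *role; const char *query; };
static const struct wl_entry white_list[] = {
    { "webapp", "SELECT id, name FROM items WHERE id = $1" },
    { "webapp", "SELECT NOW()" },
    { "report", "SELECT count(*) FROM items" },
};

/*
 * Skip leading/trailing whitespace and one trailing ';'. Interior bytes are
 * never rewritten: collapsing whitespace or folding case could alter a string
 * literal and make an unlisted statement compare equal to a listed one.
 */
static const char *trim(const char *q, size_t *len)
{
    size_t n;

    while (isspace((unsigned char) *q))
        q++;
    n = strlen(q);
    while (n > 0 && isspace((unsigned char) q[n - 1]))
        n--;
    if (n > 0 && q[n - 1] == ';')
        n--;
    while (n > 0 && isspace((unsigned char) q[n - 1]))
        n--;
    *len = n;
    return q;
}

/* Default deny: returns 1 only on an exact match for this role, else 0. */
int query_allowed(const char *role, const char *query)
{
    size_t i, len;
    const char *q;

    if (role == NULL || query == NULL)
        return 0;
    q = trim(query, &len);
    for (i = 0; i < sizeof(white_list) / sizeof(white_list[0]); i++)
        if (strcmp(white_list[i].role, role) == 0 &&
            strlen(white_list[i].query) == len &&
            memcmp(white_list[i].query, q, len) == 0)
            return 1;
    return 0;
}
```

Because the comparison is on the whole statement text, a listed statement followed by a second statement, or with different case or interior spacing, is rejected like any other unlisted query.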
