Re: Disable executing external commands from psql?

From: Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Disable executing external commands from psql?
Date: 2010-06-02 02:03:18
Message-ID: 4C05BBE6.4030708@gmail.com
Lists: pgsql-general

OK one more question on this thread. It occurs to me that for the web
app, the DB username and password are read from a configuration file. (I
understand this to be a common method for web applications.) But since
Apache needs to read the file, all users can read each other's
passwords. Arrghh. I'm just wondering how web hosters typically deal
with this issue (or is your info for, say, WordPress exposed to other
users if they know where to look for it?) Sorry if this is too off-topic...

Ken

I'll look at

On 06/01/2010 05:30 PM, Tom Lane wrote:
> Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com> writes:
>
>>> The better way to go about that is to not let them have an account on
>>> the server machine in the first place.
>>>
>
>> Somehow, exposing my database ports to the internet scares me more than
>> any (possibly crazy) stuff I'm trying to do. :)
>>
> If you're exposing the ability to run psql, what makes you think you're
> not effectively exposing the database?
>
>
>> But seriously I think I need to give them accounts--I'm setting up
>> online instances of a web app, so they have a set of (editable) PHP
>> files, possibly some storage, a log file, etc. It seemed that setting
>> each up as its own user was better than going through some uber-process
>> that had access to all the files.
>>
> How are you going to let them edit the PHP files, or read the log file,
> if all they can get to is psql?
>
>
>> Just to be clear, cause I'm a little thick sometimes, it is not possible
>> to do this?
>>
> You could always build your own lobotomized version of psql. I think
> though that (a) this is not likely to close all the holes and (b) the
> whole concept needs rethinking anyway. psql is *meant* to be executed
> on the client side. You're trying to put the firewall in the wrong
> place, and what you're mainly going to accomplish is annoy your users.
> You will for example be making it awfully difficult for them to use
> \copy, \i, \e, \g, the list goes on.
>
> regards, tom lane
>

--
-------------------------------------------------------
AGENCY Software
For nonprofits that want to take control of their data

Use it. Like it. Share it. Build it. Buy it.
http://agency-software.org
-------------------------------------------------------
