| From: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "Tom Lane *EXTERN*" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | <eduardohitek(at)gmail(dot)com>, <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Postgres Security Checklist |
| Date: | 2009-04-06 14:13:47 |
| Message-ID: | D960CB61B694CF459DCFB4B0128514C202FF654A@exadv11.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Tom Lane wrote:
> > Here is my personal security checklist for PostgreSQL:
>
> > - Check that there is no SQL function with SECURITY DEFINER.
>
> Uh, that seems a pretty strange restriction. Generally, if you are
> actually concerned about security at the SQL-command level, you're
> going to have to have some SECURITY DEFINER functions. You can't
> build a Unix system without suid programs, either.
I was referring to
http://archives.postgresql.org/pgsql-general/2007-02/msg00646.php
I should have been more precise - I mean "functions with LANGUAGE SQL".
I guess the security leak is fixed with the SET clause in CREATE FUNCTION,
so this is probably obsolete.
> > - Check that pg_hba.conf forbids remote connections to use "password", "crypt" or "ident" authentication.
>
> Most people think that remote "ident" is not very secure.
That's what I mean.
Again, I should have been more precise:
- Make sure that pg_hba.conf does not permit remote connections to use
"password", "crypt" or "ident" authentication.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Albe Laurenz | 2009-04-06 14:27:12 | Re: Number Conversion Function |
| Previous Message | Tom Lane | 2009-04-06 14:11:39 | Re: Number Conversion Function |