From: | "murphy pope" <pope_murphy(at)hotmail(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Why is ALLOW_ABSOLUTE_DBPATHS unsafe? |
Date: | 2002-05-13 15:20:27 |
Message-ID: | F35Elit7vjMswbiks7D00013599@hotmail.com |
Lists: | pgsql-general |

Thanks Thomas.

>>Maybe I'm just not devious enough, but I can't figure out what the risks
>>are. Can anyone enlighten me?
>
>Security issues include allowing non-privileged users access to
>uncontrolled areas of storage. A devious non-privileged user might be
>able to execute privileged code or otherwise mess around with data.

Oh, because the DBPATH directory and files will be created by and owned by
user postgres instead of the actual user, right?

>Data integrity issues include having the DBA lose control over *where*
>data in the database is actually located. If a user decides to configure
>some tables under /tmp, the DBA will have no way of knowing and will
>have no opportunity to help plan the data storage strategy for his
>system.

I'm not sure that's completely true, but maybe that's because I haven't
played with alternate locations enough. Can't you look at the dbpath column
in pg_database to find out where all databases are located? I realize that you
have to *know* to look there.