Re: Hardening PostgreSQL via (optional) ban on local file system access

Поиск
Список
Период
Сортировка
От Laurenz Albe
Тема Re: Hardening PostgreSQL via (optional) ban on local file system access
Дата
Msg-id 2c3408a04a94f482247a8e646f5778d7b92a4923.camel@cybertec.at
обсуждение исходный текст
Ответ на Re: Hardening PostgreSQL via (optional) ban on local file system access  (Andres Freund <andres@anarazel.de>)
Ответы Re: Hardening PostgreSQL via (optional) ban on local file system access  (Andres Freund <andres@anarazel.de>)
Re: Hardening PostgreSQL via (optional) ban on local file system access  (Hannu Krosing <hannuk@google.com>)
Список pgsql-hackers
Дерево обсуждения 
On Tue, 2022-06-28 at 16:27 -0700, Andres Freund wrote:
> > Experience shows that 99% of the time one can run PostgreSQL just fine
> > without a superuser
> 
> IME that's not at all true. It might not be needed interactively, but that's
> not all the same as not being needed at all.

I also disagree with that.  Not having a superuser is one of the pain
points with using a hosted database: no untrusted procedural languages,
no untrusted extensions (unless someone hacked up PostgreSQL or provided
a workaround akin to a SECURITY DEFINER function), etc.

Yours,
Laurenz Albe

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Alexander Pyhalov
Дата:
Сообщение: Re: CREATE INDEX CONCURRENTLY on partitioned index
Следующее
От: Pantelis Theodosiou
Дата:
Сообщение: Re: PostgreSQL 15 beta 2 release announcement draft