[HACKERS] search path security issue?

From Joshua D. Drake
Subject [HACKERS] search path security issue?
Date
Msg-id 9badbdb1-2519-5416-7d2a-55ff50a5963e@commandprompt.com
Responses Re: [HACKERS] search path security issue?  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: [HACKERS] search path security issue?  ("David G. Johnston" <david.g.johnston@gmail.com>)
List pgsql-hackers
-hackers,

Please see the below:

"""
postgres=# create user foo;
CREATE ROLE
postgres=# create schema foo;
CREATE SCHEMA
postgres=# alter role foo set search_path to 'foo';
ALTER ROLE
postgres=# \q
jd@jd-wks:~$ psql -U foo postgres
psql (9.6.5)
Type "help" for help.

postgres=> show search_path;
 search_path
-------------
 foo
(1 row)

postgres=> alter role foo set search_path to default;
ALTER ROLE
postgres=> show search_path;
 search_path
-------------
 foo
(1 row)

postgres=> \q


jd@jd-wks:~$ psql -U foo postgres
psql (9.6.5)
Type "help" for help.

postgres=> show search_path;
   search_path
-----------------
 "$user", public
(1 row)


I get being able to change my search_path on the fly but it seems odd 
that as user foo I can change my default search path?

JD



-- 
Command Prompt, Inc. || http://the.postgres.company/ || @cmdpromptinc

PostgreSQL Centered full stack support, consulting and development.
Advocate: @amplifypostgres || Learn: https://pgconf.us
*****     Unless otherwise stated, opinions are my own.   *****
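
Added example, not part of the original message: two audit queries for the behaviour shown in the session above, where `ALTER ROLE ... SET search_path` stores a default that only takes effect at the next login. They assume the standard catalogs `pg_db_role_setting`, `pg_roles` and `pg_database`; the column aliases are illustrative.

```sql
-- 1. Every stored search_path default, cluster-wide.
--    pg_db_role_setting holds what ALTER ROLE ... SET and
--    ALTER DATABASE ... SET write; setconfig is an array of 'name=value'.
--    setrole = 0 means "all roles", setdatabase = 0 means "all databases".
SELECT coalesce(r.rolname, '(all roles)')     AS role_name,
       coalesce(d.datname, '(all databases)') AS database_name,
       substr(cfg, strpos(cfg, '=') + 1)      AS stored_search_path
FROM pg_db_role_setting AS s
CROSS JOIN LATERAL unnest(s.setconfig) AS cfg
LEFT JOIN pg_roles    AS r ON r.oid = s.setrole
LEFT JOIN pg_database AS d ON d.oid = s.setdatabase
WHERE split_part(cfg, '=', 1) = 'search_path'
ORDER BY role_name, database_name;

-- 2. For the connected role: the value the session is using now versus the
--    role-level default that will apply at the next login. In the session
--    above, right after "alter role foo set search_path to default" the
--    first column still shows foo while the second is already NULL
--    (no stored override, so the server default applies on reconnect).
SELECT current_user                   AS role_name,
       current_setting('search_path') AS session_search_path,
       (SELECT substr(cfg, strpos(cfg, '=') + 1)
          FROM pg_db_role_setting AS s,
               unnest(s.setconfig) AS cfg
         WHERE s.setrole = (SELECT oid FROM pg_roles
                             WHERE rolname = current_user)
           AND s.setdatabase = 0
           AND split_part(cfg, '=', 1) = 'search_path'
       )                              AS stored_role_default;
```

Running the first query on a schedule and comparing the result with the intended configuration shows when a role has changed or reset its own stored default.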

