Worst case scenario of a compromised non super-user PostgreSQL user account

From: Allan Kamau
Subject: Worst case scenario of a compromised non super-user PostgreSQL user account
Date:
Msg-id: AANLkTimG1tmjjnDQzkVtuoq4JVpfM+NGOHy0fT6=pHJy@mail.gmail.com
Replies: Re: Worst case scenario of a compromised non super-user PostgreSQL user account  (Craig Ringer <craig@postnewspapers.com.au>)
Re: Worst case scenario of a compromised non super-user PostgreSQL user account  (Andrew Sullivan <ajs@crankycanuck.ca>)
List: pgsql-general
We are trying to determine the possible side effects of a rogue user account.

A web application requires a dedicated PostgreSQL database in which to
create tables and other database objects and manipulate data within
this single database. So I have created a database and made the
application's PostgreSQL login role be the owner of this database.
They however have no CREATEDB, CREATEROLE privileges and so on.

If this web application is compromised in one way or another, such as
SQL injection (assuming the web application doesn't strictly make use
of parametrized queries), or somehow the username and password stored
in the application's code are stolen, what extent of damage could the
hacker inflict?

I am assuming:
1) Data and database objects may only be deleted, dropped or stolen
from this single database, as the given user role may only log in
to this single database. New unwelcome database objects may also be
created in this database.
2) Possible denial of service attack where such user may run expensive
SELECT or data modification queries.

Are there other problems we may expect? Can they run any OS programs
or install any such tools, induce buffer overflows and so on?

Regards,
Allan.
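The following script is an added example, not part of Allan's message or of any reply in the thread. It shows how to audit the attributes of such an application role and how to actually confine it to one database and bound the denial-of-service exposure the message mentions. The role name `webapp`, the database names `webapp_db` and `other_db`, and the limits chosen are assumed placeholders. Run it as a superuser.

```sql
-- Added example (not from the thread). Role "webapp", databases
-- "webapp_db" and "other_db" are assumed placeholder names.

-- 1. Confirm the role carries no elevated attributes.
--    rolsuper, rolcreaterole and rolcreatedb should all be false.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolcanlogin, rolconnlimit
  FROM pg_roles
 WHERE rolname = 'webapp';

-- 2. Check which databases the role can actually connect to.
--    PostgreSQL grants CONNECT to PUBLIC on every newly created
--    database, so owning webapp_db does not by itself keep the
--    role out of the other databases in the cluster.
SELECT datname,
       has_database_privilege('webapp', datname, 'CONNECT') AS can_connect
  FROM pg_database
 WHERE NOT datistemplate
 ORDER BY datname;

-- 3. Confine the role: revoke the default PUBLIC CONNECT on every
--    other database (repeat for each one) and grant it explicitly
--    only on the application's database.
REVOKE CONNECT ON DATABASE postgres FROM PUBLIC;
REVOKE CONNECT ON DATABASE other_db FROM PUBLIC;   -- assumed name
GRANT  CONNECT ON DATABASE webapp_db TO webapp;

-- 4. Bound the blast radius of a connection flood or runaway query.
--    Role-level settings take effect on new sessions of that role.
ALTER ROLE webapp CONNECTION LIMIT 20;
ALTER ROLE webapp SET statement_timeout = '30s';

-- 5. Re-run the audit from the role's point of view.
--    Only webapp_db should report can_connect = true.
SET ROLE webapp;
SELECT datname,
       has_database_privilege(datname, 'CONNECT') AS can_connect
  FROM pg_database
 WHERE NOT datistemplate
 ORDER BY datname;
RESET ROLE;
```

Step 5 checks connect rights with the current user after `SET ROLE`, which works because a superuser may switch to any role; the `statement_timeout` and connection limit, however, are only visible in a fresh session opened as `webapp`, so verify those by reconnecting as that role. The same database-level confinement can also be expressed in `pg_hba.conf` by listing only `webapp_db` in the database column of the role's entry; the `REVOKE CONNECT` approach has the advantage of living inside the catalog where this audit query can see it.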
