Re: Sample pg_hba.conf allows local users to access all databases

From David G. Johnston
Subject Re: Sample pg_hba.conf allows local users to access all databases
Msg-id CAKFQuwaEgcxAu-NFF+v57yedfrzWxdgc+b00fXd3gK3PT-7PeA@mail.gmail.com
In response to Sample pg_hba.conf allows local users to access all databases  (William Edwards <wedwards@cyberfusion.nl>)
Responses Re: Sample pg_hba.conf allows local users to access all databases
List pgsql-general
On Tue, Aug 1, 2023 at 10:13 AM William Edwards <wedwards@cyberfusion.nl> wrote:
> This allows all local users connecting over TCP to access all databases,
> not only the databases that the user is a member of as one might expect.
>
> Proof that user is able to access database that it is not a member of is
> below.

Roles do not gain membership in databases.  Roles can be granted permissions on databases (mainly CONNECT).  And all roles, via PUBLIC, get connect privileges on all databases by default.  So the pg_hba.conf entry is not causing something to happen against the wishes of the privileges system.


And yes, this is a usability vs secure-by-default that hasn't seen enough complaint to take on changing the default.

David J.
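
Added example, not part of the message above and not PostgreSQL project code: a psql script, run as a superuser on a scratch cluster, that audits which databases still grant CONNECT to PUBLIC and then restricts one database to a single role. The names `app_db`, `app_user` and `other_user` are hypothetical.

```sql
-- Constructed setup: app_db, app_user and other_user are hypothetical names.
CREATE ROLE app_user LOGIN;
CREATE ROLE other_user LOGIN;
CREATE DATABASE app_db;

-- 1. Audit: list connectable databases where PUBLIC holds CONNECT.
--    A NULL datacl means the built-in default ACL applies, so expand it
--    with acldefault() instead of treating NULL as "no privileges".
SELECT d.datname, a.privilege_type
FROM pg_database AS d
CROSS JOIN LATERAL
     aclexplode(COALESCE(d.datacl, acldefault('d', d.datdba))) AS a
WHERE a.grantee = 0                 -- grantee OID 0 is the PUBLIC pseudo-role
  AND a.privilege_type = 'CONNECT'
  AND d.datallowconn
ORDER BY d.datname;

-- 2. Before the change: other_user was never granted anything on app_db,
--    so any CONNECT it has comes from PUBLIC.
SELECT has_database_privilege('other_user', 'app_db', 'CONNECT')
       AS other_user_can_connect_before;

-- 3. Remove the PUBLIC grant and allow only the intended role.
REVOKE CONNECT ON DATABASE app_db FROM PUBLIC;
GRANT  CONNECT ON DATABASE app_db TO app_user;

-- 4. After the change: check both roles again. Superusers and the database
--    owner keep access regardless of this ACL.
SELECT has_database_privilege('app_user',   'app_db', 'CONNECT')
       AS app_user_can_connect,
       has_database_privilege('other_user', 'app_db', 'CONNECT')
       AS other_user_can_connect_after;

-- Database-level privileges are not copied from the template database,
-- so the REVOKE has to be repeated for every newly created database.
```

The pg_hba.conf entry only decides whether an authentication attempt is accepted for a given database, user and address; the CONNECT privilege check shown here is applied after that.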
