Re: Replacing MD5 hash in pg_auth...

From Steve Atkins
Subject Re: Replacing MD5 hash in pg_auth...
Msg-id DB042D64-ECD0-4F89-985D-B800DCB82D0D@blighty.com
In reply to Replacing MD5 hash in pg_auth...  ("Peter van der Maas" <peter@abitogroup.com>)
Responses Re: Replacing MD5 hash in pg_auth...  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-general
On Apr 14, 2006, at 6:47 PM, Peter van der Maas wrote:

> Hello,
>
> Is it correct to assume that if a user has write permission to
> \data\global\pg_auth on a Win32 machine, the superuser's MD5 hash can be
> replaced with one of a known origin in order to own the DB?

Probably. It'd be much easier to edit pg_hba.conf, though.

If anyone other than postgres has read permission, let alone write
permission, to /usr/local/pgsql/data or equivalent, or anywhere underneath
there, you're on very shaky security grounds.

>
> I do practice as noted in the Win FAQ, just want to make sure I am not
> missing something:
>
> "If you are running PostgreSQL on a multi-user system, you should remove
> the permissions from all non-administrative users from the PostgreSQL
> directories. No user ever needs permissions on the PostgreSQL files -
> all communication is done through the libpq connection. Direct access to
> data files can lead to information disclosure or system instability!"

As in "We 0wn3rz y0uz database".

Cheers,
   Steve
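
One way to check the rule stated in this message (nobody but the postgres account has read or write access anywhere under the data directory), as an added example that is not part of the original message or of PostgreSQL. It assumes POSIX ownership and mode bits, so it does not read Windows ACLs; `audit_data_dir` and `build_sample` are hypothetical names, and the sample files are constructed.

```python
import os
import stat
import sys
import tempfile

def audit_data_dir(root, owner_uid):
    """List (relative path, reason) for every entry at or under root that is
    not owned by owner_uid or grants any permission to group or others."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        rel = os.path.relpath(path, root)
        if st.st_uid != owner_uid:
            findings.append((rel, f"owned by uid {st.st_uid}"))
        extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
        if extra and not stat.S_ISLNK(st.st_mode):  # symlink mode bits are not enforced
            findings.append((rel, f"group/other bits {extra:03o}"))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)

def build_sample(root):
    """Constructed sample layout: one file is left world-readable."""
    os.chmod(root, 0o700)
    os.mkdir(os.path.join(root, "global"))
    os.chmod(os.path.join(root, "global"), 0o700)
    for rel, mode in (("global/pg_auth", 0o600), ("pg_hba.conf", 0o644)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real directory; run it as the postgres user
        results = audit_data_dir(sys.argv[1], os.getuid())
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            results = audit_data_dir(tmp, os.getuid())
    for rel, reason in results:
        print(f"{rel}: {reason}")
```

Run with no argument it audits the constructed sample and reports only `pg_hba.conf`; given a path, it audits that directory against the uid of the account running it.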

