Re: [GENERAL] Postgres CGI Security Problem

From: Chris Hardie
Subject: Re: [GENERAL] Postgres CGI Security Problem
Date:
Msg-id: Pine.NEB.4.02.9808081229300.17924-100000@summersault.com
In reply to: Re: [GENERAL] Postgres CGI Security Problem  (Maarten Boekhold <maartenb@dutepp0.et.tudelft.nl>)
Responses: Re: [GENERAL] Postgres CGI Security Problem  (Maarten Boekhold <maartenb@dutepp0.et.tudelft.nl>)
Re: [GENERAL] Postgres CGI Security Problem  ("Shawn T. Walker" <swalker@iac.net>)
List: pgsql-general

The Apache suexec solution sounds like my quickest fix yet.

The solutions involving setting up a httpd server running as a user that
can access my particular database still leaves my users' databases open to
write by other users, and seems kind of messy (but effective).

Several folks mentioned supplying a password to the database through the
CGI script.  I had a hard time finding good documentation on this scheme;
psql apparently supports the "-u" option that prompts for a password (and
I assume you're prompted anyway when you have the "crypt" option set for a
user/database in pg_hba.conf). But if you look in the source code for
psql, it seems there are two methods to connect to a database, PQconnectdb
which does allow for username/password, and PQsetdb, which *does not*.
This means that someone could theoretically write a PERL module that uses
the latter method to connect and bypass the password scheme.

In any case, I'm using the Postgres.pm module with PERL, and it doesn't
seem to support the passing of a username/password pair (correct me if I'm
wrong) from a CGI script.  I'll attempt to code that, unless someone has
done it already.

Thanks for all your help!

Chris


On Sat, 8 Aug 1998, Maarten Boekhold wrote:

> On Sat, 8 Aug 1998, Vadim Mikheev wrote:
>
> > Chris Hardie wrote:
> > >
> > > The situation: I have one machine with general user access.  Some users
> > > (including myself) own a postgres database.  Some users (including myself)
> > > use postgres as a back-end for CGI applications, using the Postgres.pm
> > > module for Perl. This requires that user "nobody" (or www, or whomever)
> > > have read/write access to my database.
> > >
> > > The problem: While it's very handy that I can write CGI scripts that can
> > > read/write my database, it's a security problem.  Other users' CGI scripts
> > > will also make use of the "nobody" identity to access the database, which
> > > means they can potentially read/write the data in my database if they
> > > wanted to.
> > >
> > > The fix: You tell me.  It would seem to involve a "setuid" of sorts for
> >                                                      ^^^^^^
> > > how the httpd process accesses the postgres database.
> >
> > Apache has suexec program to run users' CGI and SSI under
> > users' privileges...
>
> And you could of course always use password authentication for those
> databases....
>
> Maarten
>
> ps. only problem is that those passwords have to be in your perl-script,
> and that script has to be world-readable, unless you have a system that
> supports ACLs, then you can set it only readable to user nobody or www
> or whatever
>
> _____________________________________________________________________________
> | TU Delft, The Netherlands, Faculty of Information Technology and Systems  |
> |                   Department of Electrical Engineering                    |
> |           Computer Architecture and Digital Technique section             |
> |                          M.Boekhold@et.tudelft.nl                         |
> -----------------------------------------------------------------------------
>

---------------------------------------------
Chris Hardie            chris@summersault.com
      http://www.summersault.com/chris
               vincendum est
---------------------------------------------
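As an added illustration of the point in Maarten's postscript (this is not code from the thread): a small POSIX shell audit that flags CGI scripts which embed a database password and are readable by other local users, which is the situation suexec lets you avoid by making the script owner-only. The file names, the password pattern and the sample script below are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# check_cgi_secret FILE
#   prints OK / EXPOSED and returns 0 / 1.
#   A file is EXPOSED when it looks like it embeds a DB password
#   (assumed pattern: "password =" or "password =>", case-insensitive)
#   and its group or other permission bits include read.
check_cgi_secret() {
    file="$1"
    if ! grep -Eqi 'password[[:space:]]*(=>|=)' "$file"; then
        echo "OK: $file (no embedded password found)"
        return 0
    fi
    # 'ls -l' columns 5-10 are the group and other permission triplets.
    mode=$(ls -l "$file" | cut -c5-10)
    case "$mode" in
        *r*) echo "EXPOSED: $file group/other bits '$mode' allow read"
             return 1 ;;
        *)   echo "OK: $file (password present, owner-only readable)"
             return 0 ;;
    esac
}

# Constructed demo: a throwaway CGI script with a hard-coded password.
demo_dir=$(mktemp -d)
cat > "$demo_dir/guestbook.cgi" <<'EOF'
#!/usr/bin/perl
# Hypothetical script; the credentials are made up for this demo.
my $dbpass = "s3cret";
EOF
chmod 644 "$demo_dir/guestbook.cgi"          # world-readable: the bad case
check_cgi_secret "$demo_dir/guestbook.cgi" || true
chmod 600 "$demo_dir/guestbook.cgi"          # owner-only, as suexec permits
check_cgi_secret "$demo_dir/guestbook.cgi"
rm -r "$demo_dir"
```

Without suexec the 0600 form breaks, because the httpd user (nobody/www) can no longer read the script; with suexec the script runs as its owner and the password never has to be world-readable.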



