Обсуждение: pgadmin security issue
<div class="Section1"><p class="MsoNormal"><i><font face="Arial" size="2"><span style="font-size:11.0pt;
font-family:Arial;font-style:italic">Hi,</span></font></i><p class="MsoNormal"><i><font face="Arial" size="2"><span
style="font-size:11.0pt;
font-family:Arial;font-style:italic">(pgadmin 1.8.2 )</span></font></i><p class="MsoNormal"><b><i><font face="Arial"
size="2"><spanstyle="font-size:11.0pt;
font-family:Arial;font-weight:bold;font-style:italic">PROBLEM 1</span></font></i></b><p class="MsoNormal"><i><font
face="Arial"size="2"><span style="font-size:11.0pt;
font-family:Arial;font-style:italic">Even though we can restrict a user for couple of databases , the user can
disconnectfrom the current session and edit the connection properties</span></font></i><p class="MsoNormal"><i><font
face="Arial"size="2"><span style="font-size:11.0pt;
font-family:Arial;font-style:italic">SO this means he could remove the </span></font></i><font face="Arial"
size="2"><spanstyle="font-size:11.0pt;font-family:Arial">DB restriction field<i><span style="font-style:italic"> “
datnameIN ('live_db', 'test_db') “ and reconnect and see all the other databases</span></i></span></font><p
class="MsoNormal"><i><fontface="Arial" size="2"><span style="font-size:11.0pt;
font-family:Arial;font-style:italic"> </span></font></i><p class="MsoNormal"><i><font face="Arial" size="2"><span
style="font-size:11.0pt;
font-family:Arial;font-style:italic">I recommend setting up a admin account at the time of installing pgadmin and only
bylogin in to the admin account of pgadmin should be able to create, edit and view connection
properties</span></font></i><pclass="MsoNormal"><i><font face="Arial" size="2"><span style="font-size:11.0pt;
font-family:Arial;font-style:italic"> </span></font></i><p class="MsoNormal"><b><i><font face="Arial" size="2"><span
style="font-size:11.0pt;
font-family:Arial;font-weight:bold;font-style:italic">PROBLEM 2</span></font></i></b><p class="MsoNormal"><i><font
face="Arial"size="2"><span style="font-size:11.0pt;
font-family:Arial;font-style:italic">When making a connection to the DB server with pgadmin if u use a valid db name
anda valid user login name</span></font></i><p class="MsoNormal"><i><font face="Arial" size="2"><span
style="font-size:11.0pt;
font-family:Arial;font-style:italic">Then pgadmin will allow access to the database with out checking the
password</span></font></i><pclass="MsoNormal"><i><font face="Arial" size="2"><span style="font-size:11.0pt;
font-family:Arial;font-style:italic">I mean if I type a wrong password BUT if the user account and the database is
validI will still be able to access the database</span></font></i><p class="MsoNormal"><i><font face="Arial"
size="2"><spanstyle="font-size:11.0pt;
font-family:Arial;font-style:italic"> </span></font></i><p class="MsoNormal"><i><font face="Arial" size="2"><span
style="font-size:11.0pt;
font-family:Arial;font-style:italic">I’m new to postgres so I’m not sure if this is a real bug or if this is a feature
,Please update me ASAP</span></font></i><p class="MsoNormal"><i><font face="Arial" size="2"><span
style="font-size:11.0pt;
font-family:Arial;font-style:italic">Thanks</span></font></i><p class="MsoNormal"><i><font face="Arial" size="2"><span
style="font-size:11.0pt;
font-family:Arial;font-style:italic">Suren</span></font></i></div><br />-- <br />This message has been scanned for
virusesand <br />dangerous content by <b>(RamaDBK - MailScanner)</b>, <br />and is believed to be clean.
Hi, Suren,
> //
>
> */PROBLEM 1/*
>
> /Even though we can restrict a user for couple of databases , the user
> can disconnect from the current session and edit the connection
> properties/
>
> /SO this means he could remove the /DB restriction field/ “ datname IN
> ('live_db', 'test_db') “ and reconnect and see all the other databases/
>
> / /
>
> /I recommend setting up a admin account at the time of installing
> pgadmin and only by login in to the admin account of pgadmin should be
> able to create, edit and view connection properties/
>
I think its not pgAdmin you should set permitions on. You should not
grant your user to connect to databases you don't want him to (in
postgreSQL).
>
> //
>
> / /
>
> */PROBLEM 2/*
>
> /When making a connection to the DB server with pgadmin if u use a
> valid db name and a valid user login name/
>
> /Then pgadmin will allow access to the database with out checking the
> password/
>
> /I mean if I type a wrong password BUT if the user account and the
> database is valid I will still be able to access the database/
>
> / /
>
> /I’m new to postgres so I’m not sure if this is a real bug or if this
> is a feature , Please update me ASAP/
>
> /Thanks/
>
> /Suren/
>
configure your postgresql. In file pg_hba.conf that you have "md5"
identification method, not "trust".
--
Julius Tuskenis
On Wed, Apr 23, 2008 at 8:11 AM, Julius Tuskenis <julius@nsoft.lt> wrote:
> Hi, Suren,
> >
> >
> > /Even though we can restrict a user for couple of databases , the user can
> disconnect from the current session and edit the connection properties/
> >
> > /SO this means he could remove the /DB restriction field/ " datname IN
> ('live_db', 'test_db') " and reconnect and see all the other databases/
> >
> >
> > /I recommend setting up a admin account at the time of installing pgadmin
> and only by login in to the admin account of pgadmin should be able to
> create, edit and view connection properties/
> >
> >
> I think its not pgAdmin you should set permitions on. You should not grant
> your user to connect to databases you don't want him to (in postgreSQL).
This is correct - the DB restriction option is not a security feature,
but a convenience feature to allow you to hide databases in which you
have no interest. This is most useful in schools or with hosting
providers where there may be large numbers of databases on the same
server, most of which are of no interest to an individual user.
As Julius correctly states, to *secure* databases, you must revoke
connect privileges on the server.
--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com