Heavy security bug in 7.2.2-16?
| От | Heiko Schroeder |
|---|---|
| Тема | Heavy security bug in 7.2.2-16? |
| Дата | |
| Msg-id | 200212270327.21106.heikos@foni.net обсуждение |
| Ответы |
Re: Heavy security bug in 7.2.2-16?
|
| Список | pgsql-novice |
Dear list, as far as I have made my experiences in version 7.2.2-16 (SuSE Linux 8.1) it is possible for *every* user which is able to create a database and/or is able to create new users to delete a database from every other user. I did not find any hints in the FAQ or archives. Especially when the superuser postmaster creates a database, e.g. test, a normal user although he is *not* the owner, if it is not denied that he can create new databases AND that he can create new users, can delete the database even if there are restrictions made on a table within the database by the owner (GRANT). I cannot find the mistake I have made, since in an older version this problem did not occur. Thanks a lot. Heiko -- Heiko Schroeder Ahrensburg, Germany http://home.foni.net/~heikos
В списке pgsql-novice по дате отправления: