[pgsql-admin] Simple question about security in 8.1.1
| Dan Bikle 2006-01-22, 8:24 pm |
| People,
I just installed PostgreSQL 8.1.1 on my FreeBSD box:
Creation of a database is easy:
bash-2.05b$ id
uid=70(pgsql) gid=70(pgsql) groups=70(pgsql)
bash-2.05b$ createdb -O pgsql db10
CREATE DATABASE
bash-2.05b$
I took a peek at help:
bash-2.05b$ psql --help
This is psql 8.1.1, the PostgreSQL interactive terminal.
Usage:
psql [OPTIONS]... [DBNAME [USERNAME]]
General options:
-d DBNAME specify database name to connect to (default: "pgsql")
-c COMMAND run only single command (SQL or internal) and exit
-f FILENAME execute commands from file, then exit
-l list available databases, then exit
-v NAME=VALUE set psql variable NAME to VALUE
-X do not read startup file (~/.psqlrc)
--help show this help, then exit
--version output version information, then exit
Input and output options:
-a echo all input from script
-e echo commands sent to server
-E display queries that internal commands generate
-q run quietly (no messages, only query output)
-o FILENAME send query results to file (or |pipe)
-n disable enhanced command line editing (readline)
-s single-step mode (confirm each query)
-S single-line mode (end of line terminates SQL command)
-L FILENAME send session log to file
Output format options:
-A unaligned table output mode (-P format=unaligned)
-H HTML table output mode (-P format=html)
-t print rows only (-P tuples_only)
-T TEXT set HTML table tag attributes (width, border) (-P tableattr=)
-x turn on expanded table output (-P expanded)
-P VAR[=ARG] set printing option VAR to ARG (see \pset command)
-F STRING set field separator (default: "|") (-P fieldsep=)
-R STRING set record separator (default: newline) (-P recordsep=)
Connection options:
-h HOSTNAME database server host or socket directory (default:
"local socket")
-p PORT database server port (default: "5432")
-U NAME database user name (default: "pgsql")
-W prompt for password (should happen automatically)
For more information, type "\?" (for internal commands) or "\help"
(for SQL commands) from within psql, or consult the psql section in
the PostgreSQL documentation.
Report bugs to <pgsql-bugs@postgresql.org>.
bash-2.05b$
I read up on creation of a database user.
Creation of a user inside the database is easy:
bash-2.05b$ psql db10 pgsql
Welcome to psql 8.1.1, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
db10=# \h create user
Command: CREATE USER
Description: define a new database role
Syntax:
CREATE USER name [ [ WITH ] option [ ... ] ]
where option can be:
SUPERUSER | NOSUPERUSER
| CREATEDB | NOCREATEDB
| CREATEROLE | NOCREATEROLE
| CREATEUSER | NOCREATEUSER
| INHERIT | NOINHERIT
| LOGIN | NOLOGIN
| CONNECTION LIMIT connlimit
| [ ENCRYPTED | UNENCRYPTED ] PASSWORD 'password'
| VALID UNTIL 'timestamp'
| IN ROLE rolename [, ...]
| IN GROUP rolename [, ...]
| ROLE rolename [, ...]
| ADMIN rolename [, ...]
| USER rolename [, ...]
| SYSID uid
db10=# CREATE USER scott PASSWORD 'tiger';
CREATE ROLE
db10=#
So, now I have a user named scott with password of tiger.
I log in to another unix account named 'oracle'.
bash-2.05b$ id
uid=1004(oracle) gid=1005(oracle) groups=1005(oracle)
bash-2.05b$
bash-2.05b$
I'm allowed to connect to the db10 database without authentication!:
bash-2.05b$ psql db10 scott
Welcome to psql 8.1.1, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
db10=> create table dropme (n integer);
CREATE TABLE
db10=> drop table dropme;
DROP TABLE
db10=>
This seems insecure.
How do I create a PostgreSQL user account such that attempts to connect
to it require authentication?
-Dan
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
| |
| Stephan Szabo 2006-01-23, 3:23 am |
| On Sun, 22 Jan 2006, Dan Bikle wrote:
> I'm allowed to connect to the db10 database without authentication!:
>
> bash-2.05b$ psql db10 scott
> Welcome to psql 8.1.1, the PostgreSQL interactive terminal.
>
> Type: \copyright for distribution terms
> \h for help with SQL commands
> \? for help with psql commands
> \g or terminate with semicolon to execute query
> \q to quit
>
> db10=> create table dropme (n integer);
> CREATE TABLE
> db10=> drop table dropme;
> DROP TABLE
> db10=>
>
> This seems insecure.
>
> How do I create a PostgreSQL user account such that attempts to connect
> to it require authentication?
You probably should look at the following:
http://www.postgresql.org/docs/8.1/...entication.html
| |
| Joshua D. Drake 2006-01-23, 3:23 am |
| >
>
> This seems insecure.
>
> How do I create a PostgreSQL user account such that attempts to connect
> to it require authentication?
>
http://www.postgresql.org/docs/8.1/...entication.html
>
> -Dan
>
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly
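
Added example, not written by any poster in this thread: a local connection as scott that is accepted with no password prompt is what the "trust" method in pg_hba.conf produces, and the script below lists the records that use it. The two sample files are constructed, and that Dan's server was configured this way is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): list pg_hba.conf records whose
# authentication method is "trust", i.e. records that admit a connection
# without any credential check.

# Reads pg_hba.conf text on stdin; prints "line:type:database:user"
# for every record that uses the trust method.
find_trust_records() {
    awk '
        { sub(/#.*/, "") }               # drop comments (quoted "#" not handled)
        NF == 0 { next }                 # blank or comment-only line
        {
            if ($1 == "local")   method = $4   # local DB USER METHOD
            else if ($4 ~ /\//)  method = $5   # host  DB USER CIDR METHOD
            else                 method = $6   # host  DB USER IP MASK METHOD
            if (method == "trust")
                printf "%d:%s:%s:%s\n", NR, $1, $2, $3
        }'
}

# Constructed sample (assumption): socket and loopback records use trust.
sample_trust() {
    cat <<'EOF'
# TYPE  DATABASE  USER  CIDR-ADDRESS   METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   trust
host    all       all   10.0.0.0 255.0.0.0 md5
EOF
}

# Constructed sample: the same kinds of record with a password (md5) required.
sample_md5() {
    cat <<'EOF'
local   all       all                  md5
host    all       all   127.0.0.1/32   md5   # loopback TCP
EOF
}

echo "trust sample:"; sample_trust | find_trust_records
echo "md5 sample:";   sample_md5   | find_trust_records
```

To check a real server, feed its pg_hba.conf to find_trust_records on stdin. A record changed from trust to md5 takes effect only after the server re-reads the file (pg_ctl reload), and every role that logs in then needs a password set.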