Re: Postgresql -- initial impressions and comments
scott.marlowe <scott.marlowe@ihs.com>
From: "scott.marlowe" <scott.marlowe@ihs.com>
To: <wsheldah@lexmark.com>
Cc: "j.random.programmer" <javadesigner@yahoo.com>, <pgsql-general@postgresql.org>
Date: 2002-12-04T23:13:58Z
Lists: pgsql-general
On Wed, 4 Dec 2002 wsheldah@lexmark.com wrote: > > Thanks for your summary and very constructive criticism. I've also found > the postgresql community to be very helpful and supportive. (Thanks > everyone!) > > I want to add something with regard to security and running as root. > First, if postgresql runs as root and is bound to an internal interface, > someone getting root access to the box through a postgresql exploit would > have access to everything on that box, including other interfaces. Second, > many security threats and attacks are launched from within companies, or > from within corporate firewalls. You need to guard against these as well. > This could happen either because an employee or contractor decides to work > against the company for whatever reason, or because another box on the LAN > is compromised from outside, and is then used to attack other servers > within the LAN. You can never have too many layers of security, especially > when you get an extra layer for the low low price of adding another user > and group. :-) also, think of a mistake with the copy command: copy table to /etc/passwd; or copy table to /dev/hda; As postgres, no big deal. Access denied. As root, kaboom.