Thread

  1. Re: Postgresql -- initial impressions and comments

    wsheldah@lexmark.com — 2002-12-04T21:03:45Z

    Thanks for your summary and very constructive criticism. I've also found
    the postgresql community to be very helpful and supportive. (Thanks
    everyone!)
    
    I want to add something with regard to security and running as root.
    First, if postgresql runs as root and is bound to an internal interface,
    someone getting root access to the box through a postgresql exploit would
    have access to everything on that box, including other interfaces. Second,
    many security threats and attacks are launched from within companies, or
    from within corporate firewalls. You need to guard against these as well.
    This could happen either because an employee or contractor decides to work
    against the company for whatever reason, or because another box on the LAN
    is compromised from outside, and is then used to attack other servers
    within the LAN. You can never have too many layers of security, especially
    when you get an extra layer for the low low price of adding another user
    and group. :-)
    
    Wes Sheldahl
    
    
    
    
    "j.random.programmer" <javadesigner@yahoo.com>@postgresql.org on 12/04/2002
    02:14:37 PM
    
    Sent by:    pgsql-general-owner@postgresql.org
    
    
    To:    pgsql-general@postgresql.org
    cc:
    Subject:    Re: [GENERAL] Postgresql -- initial impressions and comments
    
    
    Thanks to everyone who responded to my initial post.
    Here are some followup comments:
    
    ---------------------------------------
    Original:
    No way to grant permissions on all tables
    within a database to some user. You have to grant
    permissions on each table one-by-one.
    
    Other comments:
    Many folks gave examples on how to do this
    via shell or plpgsql script.
    
    Followup:
    My suggestion is: please add a link from
    the command reference documentation page for the GRANT
    command to the appropriate page on
    technotes.postgresql.com that talks about this issue.
    
    ---------------------------------------
    Original:
    INSERT into foo values (null, 'a', 'b',...) does not
    work if the first column is serial. (null cannot be
    inserted into serial type).
    
    Other comments:
    - Even though mysql allows it, inserting null values
    into primary key fields and expecting the database to
    fill in the next 'autoincrement' value... that just
    seems very non-intuitive to me
    - NULL is not the same as DEFAULT.  Treating it the
    same is not correct.
    
    Followup:
    Please mention the ability to use 'DEFAULT' in the
    documentation for the serial type.
    
    ---------------------------------------
    Original:
    My wanting to run postmaster as non-root
    
    Other comments:
    - there is no good reason for running as root, so
    it's ok to forbit it.
    - This feature (mysql mis-feature?) isn't likely to
    change any time soon.
    
    Followup:
    It's clear that everyone thinks this is a
    bad idea. I have to disgree here. I should be allowed
    to do what I want even if it's a security risk as long
    as that risk is known/explained. It's _not_ an issue
    if I bind the daemon to a ip/interface which is
    guaranteed private and non-routable (such as
    192.168.x.x) and non-forwardable. Then there is no
    risk. But it's not really a significant issue either
    way - creating a new user/group is not a big deal.
    
    ---------------------------------------
    Original: About lack of documentatin for MD5 password
    encryption (which btw, is the default encryption for
    all passwords when 7.3 is compiled out of the box).
    Does the JDBC driver do this automatically ?
    
    Other comments:
    Yes. You need a fairly late model jdbc driver.
    
    Followup:
    I am not seeing this with latest compiled JDBC driver
    which I downloaded yesterday (for JDK 1.4 and postgres
    7.3). There is also no mention of this in the JDBC
    driver's documentation. Essentially, I cannot connect
    using JDBC unless I change the connect mode to
    "trust".
    
    ---------------------------------------
    Original:
    The documentation needs to be radically improved.
    
    Other comments:
    - I usually find everything i need in the Reference
    Guide, if not it's in the Users Guide.
    - What needs to be changed from a "newbie" perspective
    ?
    
    Followup:
    I am not sure I can point to any one thing that needs
    to be changed. But somehow the userland (not
    internals) documentation "feels" incomplete, compared
    to the extensive mysql docs. Maybe the docs are a) too
    spread out b) don't have enough examples c) are not
    totally up-to-date
    ---------------------------------------
    
    Original:
    No docs for importing/exporting comma or tab
    delimited files from/to tables ?
    
    Other comments:
    try "man pg_dump". Also read the documentation:
    http://www.se.postgresql.org/users-lounge/docs/7.3/postgres/backup.html
    
    Importing:
    http://www.se.postgresql.org/users-lounge/docs/7.3/postgres/sql-copy.html
    
    Followup:
    I was wrong about this. As the followup above stated,
    the documentation does cover this.
    ---------------------------------------
    
    Overall:
    
    I must say that I found the postgres community very
    helful and responsive. In the end, that's - by far -
    the most important thing. If I was to undertake a
    production postgres project, I would feel comfortable
    for this very reason.
    
    I did also find some JDBC specific issues that I
    posted to the JDBC list. Meanwhile, I am going to keep
    playing with postgres and make sure that my programs
    work with both mysql and postgresql.
    
    Best regards,
    
    --j
    
    
    __________________________________________________
    Do you Yahoo!?
    Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
    http://mailplus.yahoo.com
    
    ---------------------------(end of broadcast)---------------------------
    TIP 6: Have you searched our list archives?
    
    http://archives.postgresql.org
    
    
    
    
    
    
  2. Re: Postgresql -- initial impressions and comments

    scott.marlowe <scott.marlowe@ihs.com> — 2002-12-04T23:13:58Z

    On Wed, 4 Dec 2002 wsheldah@lexmark.com wrote:
    
    > 
    > Thanks for your summary and very constructive criticism. I've also found
    > the postgresql community to be very helpful and supportive. (Thanks
    > everyone!)
    > 
    > I want to add something with regard to security and running as root.
    > First, if postgresql runs as root and is bound to an internal interface,
    > someone getting root access to the box through a postgresql exploit would
    > have access to everything on that box, including other interfaces. Second,
    > many security threats and attacks are launched from within companies, or
    > from within corporate firewalls. You need to guard against these as well.
    > This could happen either because an employee or contractor decides to work
    > against the company for whatever reason, or because another box on the LAN
    > is compromised from outside, and is then used to attack other servers
    > within the LAN. You can never have too many layers of security, especially
    > when you get an extra layer for the low low price of adding another user
    > and group. :-)
    
    also, think of a mistake with the copy command:
    
    copy table to /etc/passwd;
    or
    copy table to /dev/hda;
    
    As postgres, no big deal.  Access denied.  As root, kaboom.