Hi Everyone,

Any update regarding the issue.

Thanks
Qasim

On Mon, Jun 3, 2024 at 10:46 AM Khushboo Vashi <
khushboo.va...@enterprisedb.com> wrote:

>
>
> On Sat, Jun 1, 2024 at 8:34 PM Dave Page <dp...@pgadmin.org> wrote:
>
>> Akshay, could you or one of the team look into this please?
>>
> I am looking into this issue
>
>>
>> Thanks.
>>
>> On Fri, 31 May 2024 at 23:27, Qasim Tahir <qasimtahir....@gmail.com>
>> wrote:
>>
>>> Hi,
>>> Platform and package details are below
>>>
>>> Platform: *Rocky 8.9*
>>> *pgadmin *version*:  8.7*
>>>
>>> Regards
>>> Qasim
>>>
>>> On Sat, Jun 1, 2024 at 3:09 AM Dave Page <dp...@pgadmin.org> wrote:
>>>
>>>> Hi
>>>>
>>>> On Thu, 30 May 2024 at 23:17, Qasim Tahir <qasimtahir....@gmail.com>
>>>> wrote:
>>>>
>>>>> Dear PgAdmin Community,
>>>>>
>>>>> I am writing to report a potential security issue with the permissions
>>>>> set in the PgAdmin installation directory.
>>>>>
>>>>> After installing PgAdmin, I observed that several directories,
>>>>> including 'bin', 'venv', and 'web', have 775 permissions. Here are the
>>>>> details of the directory permissions:
>>>>> [image: image.png]
>>>>>
>>>>> Given the broad access provided by 775 permissions, there is a concern
>>>>> about the potential for unauthorized access or modifications.
>>>>>
>>>>>
>>>>> I would like to ask if these permissions are necessary for PgAdmin's
>>>>> operation or if they could be tightened to enhance security.
>>>>>
>>>>> Your guidance on this matter would be greatly appreciated.
>>>>>
>>>>> Thank you for your attention to this issue.
>>>>>
>>>>
>>>> What platform and package is this exactly?
>>>>
>>>> --
>>>> Dave Page
>>>> pgAdmin: https://www.pgadmin.org
>>>> PostgreSQL: https://www.postgresql.org
>>>> EDB: https://www.enterprisedb.com
>>>>
>>>>
>>
>> --
>> Dave Page
>> pgAdmin: https://www.pgadmin.org
>> PostgreSQL: https://www.postgresql.org
>> EDB: https://www.enterprisedb.com
>>
>>

Reply via email to