Hi Everyone, Any update regarding the issue.
Thanks Qasim On Mon, Jun 3, 2024 at 10:46 AM Khushboo Vashi < khushboo.va...@enterprisedb.com> wrote: > > > On Sat, Jun 1, 2024 at 8:34 PM Dave Page <dp...@pgadmin.org> wrote: > >> Akshay, could you or one of the team look into this please? >> > I am looking into this issue > >> >> Thanks. >> >> On Fri, 31 May 2024 at 23:27, Qasim Tahir <qasimtahir....@gmail.com> >> wrote: >> >>> Hi, >>> Platform and package details are below >>> >>> Platform: *Rocky 8.9* >>> *pgadmin *version*: 8.7* >>> >>> Regards >>> Qasim >>> >>> On Sat, Jun 1, 2024 at 3:09 AM Dave Page <dp...@pgadmin.org> wrote: >>> >>>> Hi >>>> >>>> On Thu, 30 May 2024 at 23:17, Qasim Tahir <qasimtahir....@gmail.com> >>>> wrote: >>>> >>>>> Dear PgAdmin Community, >>>>> >>>>> I am writing to report a potential security issue with the permissions >>>>> set in the PgAdmin installation directory. >>>>> >>>>> After installing PgAdmin, I observed that several directories, >>>>> including 'bin', 'venv', and 'web', have 775 permissions. Here are the >>>>> details of the directory permissions: >>>>> [image: image.png] >>>>> >>>>> Given the broad access provided by 775 permissions, there is a concern >>>>> about the potential for unauthorized access or modifications. >>>>> >>>>> >>>>> I would like to ask if these permissions are necessary for PgAdmin's >>>>> operation or if they could be tightened to enhance security. >>>>> >>>>> Your guidance on this matter would be greatly appreciated. >>>>> >>>>> Thank you for your attention to this issue. >>>>> >>>> >>>> What platform and package is this exactly? >>>> >>>> -- >>>> Dave Page >>>> pgAdmin: https://www.pgadmin.org >>>> PostgreSQL: https://www.postgresql.org >>>> EDB: https://www.enterprisedb.com >>>> >>>> >> >> -- >> Dave Page >> pgAdmin: https://www.pgadmin.org >> PostgreSQL: https://www.postgresql.org >> EDB: https://www.enterprisedb.com >> >>
