Le 29/07/2010 09:15, Mudy Situmorang a écrit : > psql runs only from the server, while pgAdmin (which is a standard > installation in PostgerSQL for windows) easily installed in any clients. >
Wrong. psql can run from anywhere. "psql -h ip_of_the_server -U my_superuser postgres" will connect to the server if the pg_hba.conf allows me to. And I will be able to drop any database I want. > In a network with several different projects & many databases that requires > dozens of superuser, pg_hba could provide the required access control. > pg_hba.conf only provides *access* control, not objects' rights control. > In this bug, when one superuser password compromised, then all database can > be dropped from any clients using pgAdmin. > Sure. That's probably why you shouldn't have that many superusers. Having one or two is understandable. Having more is, to say the least, weird. Not sure that you know this, but a user can be owner of a database without being a superuser. If you have a specific owner for each of the database, the owners won't be able to drop other databases. They will only have the right to drop their own. > IMO this is a major security problem on pgAdmin software. > You mean with every PostgreSQL admin tool. You can do that with any of them. Even psql. You can easily install psql on a PC and drop a database if you are a superuser and have the right to connect on at least one database. I think you misunderstand the use of the superuser. You shouldn't have a lot of them. -- Guillaume http://www.postgresql.fr http://dalibo.com -- Sent via pgadmin-support mailing list (pgadmin-support@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgadmin-support