public inbox for [email protected]
help / color / mirror / Atom feedFrom: David G. Johnston <[email protected]>
To: Srini Genji <[email protected]>
Cc: Scott Ribe <[email protected]>
Cc: [email protected]
Subject: Re: Disable Save results to file button
Date: Wed, 20 Nov 2024 19:50:43 -0700
Message-ID: <CAKFQuwZ0CBYkYVcH2YX_RLGoFCaZyL_OvqhBUB7Xo3oGRPFxrg@mail.gmail.com> (raw)
In-Reply-To: <CAN0-mGunfW-X9-moKOtvQ-LrbXTYFEDxuqnfQH3NcJdxhtbbdA@mail.gmail.com>
References: <CAN0-mGtt_JLUuomwYfLNUc2yTQkY4AZMBFWKZhUumv5a6eJxRg@mail.gmail.com>
<[email protected]>
<CAN0-mGunfW-X9-moKOtvQ-LrbXTYFEDxuqnfQH3NcJdxhtbbdA@mail.gmail.com>
On Wed, Nov 20, 2024 at 7:38 PM Srini Genji <[email protected]> wrote:
>
> This is coming mainly from security to avoid users downloading huge
> datasets containing sensitive data in to their machine
>
>
I appreciate the desire here, and it isn't unreasonable, but it is also
technically nearly impossible. If you have given a person credentials,
network access, and the relevant database permissions to see all of that
data they will be able to make a copy of it that you do not control. While
marginal improvements are possible, the cost of doing them (and available
mitigations) discourages people from working on such patches in favor of
other things.
If this is a security risk you need to mitigate in PostgreSQL you probably
need to implement a solution where the user does not directly have
credentials for the database, but asks some proxy to access the database on
their behalf (e.g., a webapp) and in that proxy you institute such
policies. I feel like some tools and extensions in this area likely exist,
though I am not personally familiar with any of them if that is so.
Yes, ideally pgAdmin, if you can otherwise lock down their machine and
prohibit any other software from being run as well as ensure their
credentials only are usable on that machine (both doable propositions I
daresay) would fill in the missing piece and provide a viewer-only option.
Or maybe just run it on a server where the local machine isn't accessible
to the user...
David J.
(p.s., this is the admin mailing list for the PostgreSQL server, not the
mailing list for the third-party pgAdmin product. If you have a
requirement to use pgAdmin you may wish to converse with that team in their
own channels.)
view thread (5+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: Disable Save results to file button
In-Reply-To: <CAKFQuwZ0CBYkYVcH2YX_RLGoFCaZyL_OvqhBUB7Xo3oGRPFxrg@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox