Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1oEW-000VYb-Ft for pgsql-general@arkaria.postgresql.org; Fri, 18 Oct 2024 14:45:40 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1t1oEU-005dMk-Qi for pgsql-general@arkaria.postgresql.org; Fri, 18 Oct 2024 14:45:39 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1oEU-005dLy-Eo for pgsql-general@lists.postgresql.org; Fri, 18 Oct 2024 14:45:38 +0000 Received: from mail-ej1-x62c.google.com ([2a00:1450:4864:20::62c]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1t1oES-001Y8z-3B for pgsql-general@lists.postgresql.org; Fri, 18 Oct 2024 14:45:37 +0000 Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-a9a5b2f2026so219988166b.2 for ; Fri, 18 Oct 2024 07:45:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cybertec.at; s=cybertec.at; t=1729262734; x=1729867534; darn=lists.postgresql.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:from:to:cc:subject:date :message-id:reply-to; bh=JyQYNvhfVd4E7S9f66eDkspF6H43jIZs1oMOcq1W8og=; b=Z2rnmvYELrMREG56+5637uLHXOMSigQjtIgSUH1aoXXqnMZsuYxIyilo2eBXrORreq qoerhQg/1ig7meoLSOL/f3reT+raiGrLBdPEh2Z2JECZ6ZRh2GIU4979wl70ncJHvrzL Kkac7kjLDVWeB8m7+T5Q6kMEj1/gFESvRrXDU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729262734; x=1729867534; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:to:from:subject:message-id:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=JyQYNvhfVd4E7S9f66eDkspF6H43jIZs1oMOcq1W8og=; b=UQykuc5w5UzFzTYLSBvdN0on2ekqos75sRn/RzH0Q7PXclGMa66FkYXBrxxobxwp/r eCAHoeSAhfRhdq8OrqfHkkPLuqIyfyUWfHLhNYfIkSel/x1bIDP+eu9HFRvSPthJ0PvH H85v8Zz/YxyxEvNVy9E9gGWTGUx7FVNVWKy7nKCU2D7gAsn0CE9MImP6fzdUzO6J58QV RtRWSFnC0aJLORMav9Ay1Y4AidZBQcfi0z2Ds3S+icau34l/rNUf5dvrsS19u5YL140X 703WScNBA74MJZDv3wZ7jLqpIWCrx+LuQVlFgrbQq4Lv87f4hZwFI4t/govDHlC6ui/z CUgw== X-Forwarded-Encrypted: i=1; AJvYcCX0offHKVXZrmFmcve1Q0Cyy7ndjmqqwzqT3VXafySiuteLLqbkBLUCrOX//mQ71KkNcp1egkz8OsaJeAoX@lists.postgresql.org X-Gm-Message-State: AOJu0YwhHyLBhGZOMmrv3eL3Z73P35BE1ZiEACHB82scy2UQz8OXYkhf ijyFilX0Wek+SXw6oGVJLYOwxSemVuyVCzvJfZXi2uDBkfP0n6HWdY4cNrjoJno= X-Google-Smtp-Source: AGHT+IEROJDg+nA8YKFqBScc4ObPx6iryu5oO9v2QrwPGFBdFmtuVRcDbKOgWTTIQEbMsIS+4jdNKQ== X-Received: by 2002:a17:907:7b85:b0:a9a:b70:2a7c with SMTP id a640c23a62f3a-a9a69a7627fmr266878366b.25.1729262734289; Fri, 18 Oct 2024 07:45:34 -0700 (PDT) Received: from [192.168.3.211] ([41.66.99.56]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a9a68c2e62fsm105449566b.220.2024.10.18.07.45.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 18 Oct 2024 07:45:33 -0700 (PDT) Message-ID: <4d672de040dd54b1dd687d20da2eb291f3324fd7.camel@cybertec.at> Subject: Re: Permissions for Newly Created User From: Laurenz Albe To: sreekanta reddy , pgsql-general@lists.postgresql.org Date: Fri, 18 Oct 2024 16:45:32 +0200 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.52.4 (3.52.4-1.fc40) MIME-Version: 1.0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, 2024-10-18 at 15:41 +0530, sreekanta reddy wrote: > I would also like to suggest an enhancement to the default behavior for n= ewly created users in PostgreSQL. >=20 > Observed Issue: > User Created: testdb > Command used: CREATE USER testdb WITH PASSWORD 'dhsfjobodjjbsdj'; > After creating the user testdb, I observed that the user could still view= objects, schemas, and their > structures, as well as system tables and views, which contradicts the int= ended restricted permissions. People have complained about that before, but that's working as designed: m= ost metadata are visible to everybody. Perhaps we should add that as "feature we don't want" to the= TODO list. The standard suggestion is to use different databases if users shouldn't se= e each other's objects' metadata. > Suggested Privileges for Newly Created Normal Users: > I would like to suggest enhancements to the default behavior for newly cr= eated normal users in PostgreSQL to improve data security: >=20 > Database Connection:=C2=A0The user should have the ability to connect onl= y to postgres =C2=A0databases by default I am not fundamentally against that, but it would be a painful compatibilit= y break, and the gain is small. After all, the default "pg_hba.conf" file forbids remote co= nnections, and you can get the same effect with the right entries in "pg_hba.conf". > Read-Only Configurations:=C2=A0The user should have read-only access to v= iew database configuration parameters. Why? The ability to change certain parameters on the fly in your session i= s a feature. > I would also like to highlight a security concern regarding password hand= ling: >=20 > When creating or altering a user's password, the log file captures the pa= ssword in plain text format, which could be a potential security risk. > However, when using the \password command in psql, the password is logged= in its hashed format (SHA-256), which is a more secure practice. > I recommend extending this hashed logging format to all password creation= and modification operations. You mean to hash it just for logging? After you sent it to the server in clear text, so that the DBA could captur= e it with an event trigger? Where is the point? The log file is to be treated as sensi= tive data. Yours, Laurenz Albe