Serious security issue with default PostgreSQL install?

Discussion in 'Security' started by dspillett, Feb 25, 2006.

  1. dspillett

    dspillett Active Member

    Oct 2, 2005
    I'm running CentOS 4 with cPanel, all as up to date as practically possible [using "RELEASE" versions of cPanel] and have installed PostgreSQL (7.4.8).

    I thought all was fine, until a very worrying report from a user which I have been able to reproduce.

    If a user installs their own copy of phpPgAdmin they can see and interact with ALL DATABASES ON THE SERVER, no matter who created or owns them.

    Is this an issue that has been seen before? If so, is there a known resolution? Have I missed something simple in the configuration? (I have set the admin password and followed the other post-install instructions).

    Could anyone out there using postgres on cPanel servers verify that this problem exists, or try it and report back that they don't see the problem?

    If this isn't easily resolvable I will have to turn off postgres completely and compensate my users...
    #1 dspillett, Feb 25, 2006
    Last edited: Feb 25, 2006
  2. rustelekom

    rustelekom Well-Known Member

    Nov 13, 2003
    This is not only a Postgres or cPanel issue. Any user who has an account on a MySQL server (local or remote) can see all databases on that MySQL server.
    To prevent this in old MySQL (4.0.xx) you should use something like safe-show-database.
    Regarding Postgres, I am not sure, because we do not use it, but I think that maybe similar directives exist for Postgres too.
