Security checklist: DB "operations needed" #2356
Co-authored-by: Tomasz Dąbrowski <64841871+dabrt@users.noreply.github.com>
…t.md Co-authored-by: Gunnstein Lye <289744+glye@users.noreply.github.com>
# Conflicts: # docs/infrastructure_and_maintenance/security/security_checklist.md
|
||
```sql | ||
CREATE USER 'user'@'host' IDENTIFIED BY 'password'; | ||
GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO 'user'@'host'; |
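Review bot: The `GRANT` line gives this account only SELECT, INSERT, UPDATE and DELETE, so the text around this block should say which account runs steps that create or alter tables (installation, upgrades), because they will fail under this user. It would also help to state that `'host'` stands for the web server's own address rather than the `'%'` wildcard, and that `'user'`, `'password'` and `database_name` are placeholders to replace.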
Won't we need TCL commands here, too? BEGIN, START TRANSACTION, COMMIT, ROLLBACK, SET at least?
I may have misinterpreted your remark at first. I thought it was about wrapping the commands in a transaction batch.
`SET` could be added in PostgreSQL: https://www.postgresql.org/docs/current/sql-grant.html#SQL-GRANT-DESCRIPTION-OBJECTS
I see no equivalent on MySQL: https://dev.mysql.com/doc/refman/8.4/en/privileges-provided.html
CREATE USER 'user'@'host' IDENTIFIED BY 'password'; | ||
GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO 'user'@'host'; |
CREATE USER 'user'@'host' IDENTIFIED BY 'password'; | |
GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO 'user'@'host'; | |
START TRANSACTION; | |
CREATE USER 'user'@'host' IDENTIFIED BY 'password'; | |
GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO 'user'@'host'; | |
COMMIT; |
CREATE USER user PASSWORD 'password'; | ||
GRANT CONNECT ON DATABASE database_name TO user; | ||
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO user; | ||
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user; |
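Review bot: `CREATE USER user PASSWORD 'password';` will not run as written, because `user` is a reserved word in PostgreSQL; use a non-reserved placeholder name (or a double-quoted one) consistently on all four lines. On the last line, `ALTER DEFAULT PRIVILEGES` without `FOR ROLE` only applies to tables later created by the role that executes the statement, so the doc should say to run it as the role that will own the application tables, or name that role with `FOR ROLE`.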
CREATE USER user PASSWORD 'password'; | |
GRANT CONNECT ON DATABASE database_name TO user; | |
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO user; | |
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user; | |
BEGIN; | |
CREATE USER user PASSWORD 'password'; | |
GRANT CONNECT ON DATABASE database_name TO user; | |
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO user; | |
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user; | |
COMMIT; |
CREATE USER user PASSWORD 'password'; | |
GRANT CONNECT ON DATABASE database_name TO user; | |
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO user; | |
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user; | |
CREATE USER user PASSWORD 'password'; | |
GRANT CONNECT ON DATABASE database_name TO user; | |
GRANT SET, SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO user; | |
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO user; |
# Conflicts: # docs/infrastructure_and_maintenance/security/security_checklist.md
I'll have a looksie again soon. As I recall, there was debate if it even makes sense to recommend this. Which is a fair point. Sabotage is perfectly possible with just INSERT and UPDATE, and read access with SELECT is often the most dangerous of all.
How do I "Ensure that the database user used by the web app only has access to do the operations needed"?
Forked from #2355
Checklist