Pgsql-http

From UVOO Tech Wiki

SELECT http_set_curlopt('CURLOPT_TIMEOUT', '20');
SELECT http_set_curlopt('CURLOPT_TCP_KEEPALIVE', '20');

security

The http extension requires superuser permissions because it is not marked as a trusted extension and can perform operations that pose a significant security risk. The http extension allows a user to make outbound HTTP requests directly from the database, which is a powerful capability that could be abused.

Security Ramifications

Granting a non-superuser the ability to create and use the http extension can lead to several security vulnerabilities. The risks arise from the fact that a user could leverage this functionality for malicious purposes.

* Data Exfiltration: A malicious user with access to the http extension could exfiltrate data from the database. For example, they could construct an HTTP request to send sensitive information to an external server they control.
* Access to Internal Network: The http extension allows the PostgreSQL server to act as a client. This could be used to probe, scan, or attack other services on the internal network that the database server has access to.
* Server-Side Request Forgery (SSRF): If a user can control the URL and headers of the HTTP request, they could exploit an SSRF vulnerability. This could allow them to make the database server act as a proxy to access other internal resources, potentially bypassing firewalls.
* Denial of Service (DoS): A user could make a large number of requests to a particular external server, potentially causing a DoS attack against it. Conversely, they could make requests to a slow-responding or nonexistent server, causing the database's worker processes to hang and impacting database performance.

In general, any extension that allows the database to interact with the external world or perform actions outside of its core function (data storage and retrieval) is likely to require superuser privileges to ensure it is not used to compromise the system. The http extension's ability to make network requests falls squarely into this category.
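The superuser requirement covers only creating the extension. Once it exists, its functions are ordinary functions, and PostgreSQL grants EXECUTE on new functions to PUBLIC by default. The following added example (not code from this wiki or from the pgsql-http project) closes that gap and routes requests through a host allowlist with a bounded timeout. It assumes the extension lives in schema public and that untrusted roles cannot create objects there. The names http_allowed_host, safe_http_get, http_caller and api.example.com are hypothetical.

```sql
-- Added example, not from the pgsql-http project. Assumptions: extension in
-- schema public, no CREATE on public for untrusted roles; all names below
-- (http_allowed_host, safe_http_get, http_caller, api.example.com) are made up.

-- 1. New functions are executable by PUBLIC by default: revoke that on
--    every function the http extension owns.
DO $$
DECLARE fn regprocedure;
BEGIN
  FOR fn IN
    SELECT p.oid::regprocedure
    FROM pg_extension e
    JOIN pg_depend d ON d.refclassid = 'pg_extension'::regclass
                    AND d.refobjid = e.oid
                    AND d.classid = 'pg_proc'::regclass
                    AND d.deptype = 'e'
    JOIN pg_proc p ON p.oid = d.objid
    WHERE e.extname = 'http'
  LOOP
    EXECUTE format('REVOKE EXECUTE ON FUNCTION %s FROM PUBLIC', fn);
  END LOOP;
END $$;

-- 2. Hosts the database may contact (constructed sample value).
CREATE TABLE public.http_allowed_host (host text PRIMARY KEY);
INSERT INTO public.http_allowed_host VALUES ('api.example.com');

-- 3. Wrapper: https only, exact host match, bounded request time.
CREATE FUNCTION public.safe_http_get(url varchar) RETURNS http_response
LANGUAGE plpgsql SECURITY DEFINER SET search_path = public, pg_temp
AS $body$
DECLARE
  -- Host, optional numeric port, then / ? # or end of string. Userinfo
  -- forms such as https://allowed-host@other-host/ do not match.
  h text := substring(lower(url)
            from '^https://([a-z0-9.-]+)(?::[0-9]+)?(?:[/?#]|$)');
BEGIN
  IF h IS NULL OR NOT EXISTS
     (SELECT 1 FROM public.http_allowed_host a WHERE a.host = h) THEN
    RAISE EXCEPTION 'safe_http_get: host not on allowlist';
  END IF;
  PERFORM http_set_curlopt('CURLOPT_TIMEOUT'::varchar, '20'::varchar);
  RETURN http_get(url);
END $body$;

-- 4. Only a dedicated role may call the wrapper.
REVOKE EXECUTE ON FUNCTION public.safe_http_get(varchar) FROM PUBLIC;
CREATE ROLE http_caller NOLOGIN;
GRANT EXECUTE ON FUNCTION public.safe_http_get(varchar) TO http_caller;
```

The allowlist checks only the URL text, not what an allowlisted name resolves to, so egress filtering on the database host is still needed alongside it.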

extensions and superuser

No, not all PostgreSQL extensions require superuser privileges to create. Most extensions do, but since PostgreSQL 9.1, it has been possible to create extensions that do not require superuser privileges. This is achieved through the use of the TRUSTED keyword in the control file. A trusted extension is one that is considered safe to be installed by non-superusers.

Key Considerations

* Trusted Extensions: An extension marked as TRUSTED in its control file (.control) can be installed by users with the CREATE privilege on the current database.
* Privileges: For an extension to be created by a non-superuser, the user must have the CREATE privilege on the database and the extension itself must be designed to be trusted.
* Safety: The TRUSTED keyword is a way for extension developers to explicitly declare that their extension is safe to install. This means the extension's code and its SQL commands are designed not to pose a security risk.

Why Most Extensions Require Superuser

Many extensions require superuser privileges because they need to perform actions that are not allowed for regular users. These actions can include:

* Creating C functions
* Accessing the file system
* Modifying global settings

The superuser requirement is a security measure to prevent a malicious or buggy extension from causing system-wide problems.