PHP :: Bug #2324 :: pg_connect connects as web server, not script owner

Bug #2324	pg_connect connects as web server, not script owner
Submitted:	1999-09-18 20:38 UTC	Modified:	1999-09-18 21:15 UTC
From:	mpg4 at duluoz dot net	Assigned:
Status:	Closed	Package:	PostgreSQL related
PHP Version:	3.0.12	OS:	Linux 2.0.36
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mpg4 at duluoz dot net
New email:
PHP Version:		OS:

New Comment:

[1999-09-18 20:38 UTC] mpg4 at duluoz dot net

The PostgreSQL functions are run as the web server user, not as the owner of the script that called them.  This means that any user can view the contents of any database that the web server can see.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[1999-09-18 21:15 UTC] rasmus at cvs dot php dot net

That's the way it works.  No bug here

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 30 01:01:28 2024 UTC