
Is there a PostgreSQL server configuration that will let me expose an untrusted language like pl/R while still maintaining security?

Submitted by: @import:stackexchange-dba

Problem

I am building a PostgreSQL database and I want users to be able to run their own R and Python scripts at the database rather than pulling it all down locally. Unfortunately, pl/R and pl/python are untrusted, so I can't just let 20 users have pl/R access to my database for fear some person will do something bad to my core database.

Is there a server configuration that will let me provide this flexibility to my users but still stop them from having inappropriate access to my database? For example, can I set up a special linked database just for them, that is close enough to the data to make it useful while still having security separation? (or anything else, just trying to give an illustrative example).

Solution

I don't think that there is any general method to do this. (Otherwise someone probably would have implemented a trusted version of the language using that method).

You could create a hot-standby database on a separate machine (or at least running as a separate and little-privileged OS-user) and let your users have at that with superuser permissions. Note that they would be able to do nasty things to each other if they are clever and malicious enough, but should have limited capability to mess with the primary server.

Since a hot-standby is read only, you would have to set up the (super)user roles you want in the primary server, but disable them in the pg_hba.conf file. Then use a different pg_hba.conf in the standby which allows those roles to connect.

I think it is kind of playing with fire to do even this much, though.

Context

StackExchange Database Administrators Q#163550, answer score: 2
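
A check for the pg_hba.conf split the answer describes, as an added example that is not part of the original post: it lists the records that could still admit a role, so the primary should yield none and the standby at least one. The role `sandbox_su`, the database `appdb` and both sample files are constructed; client addresses, `+group`, `@file`, include directives and quoted fields are not evaluated.

```python
CONN_TYPES = {"local", "host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def exposures(hba_text, role, database):
    """Return (line_no, type, method) for each record that could admit role to database.

    pg_hba.conf is first-match-wins, so an earlier reject shields later records.
    Conservative: only `local ... reject` and `host ... all reject` count as shields;
    a reject limited to one address range or to hostssl shields nothing here.
    """
    shielded = set()  # connection families already rejected: "local", "tcp"
    found = []
    for line_no, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] not in CONN_TYPES:
            continue
        ctype, family = fields[0], "local" if fields[0] == "local" else "tcp"
        idx = 3 if family == "local" else 4  # position of the auth method
        if family == "tcp" and len(fields) > idx and ("." in fields[idx] or ":" in fields[idx]):
            idx += 1  # address written as separate IP and netmask fields
        if len(fields) <= idx:
            continue  # malformed record
        dbs, users = fields[1].split(","), fields[2].split(",")
        if not (("all" in dbs or database in dbs) and ("all" in users or role in users)):
            continue
        method = fields[idx]
        if method == "reject":
            if family == "local" or (ctype == "host" and fields[3] == "all"):
                shielded.add(family)
        elif family not in shielded:
            found.append((line_no, ctype, method))
    return found

# Constructed sample files; sandbox_su is a hypothetical superuser role for the standby.
PRIMARY_HBA = """# primary: sandbox role exists but is rejected before any general rule
local   all   postgres                 peer
local   all   sandbox_su               reject
host    all   sandbox_su   all         reject
host    all   all          10.0.0.0/8  scram-sha-256
"""
STANDBY_HBA = """# standby: same role is allowed to connect
local   all   postgres                 peer
hostssl all   sandbox_su   10.0.0.0/8  scram-sha-256
"""

if __name__ == "__main__":
    print("primary:", exposures(PRIMARY_HBA, "sandbox_su", "appdb"))
    print("standby:", exposures(STANDBY_HBA, "sandbox_su", "appdb"))
```

A reject line placed after a general `all` rule is reported as an exposure, since the earlier record would match first.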
