1.5 KiB
1.5 KiB
title, impact, impactDescription, tags
| title | impact | impactDescription | tags |
|---|---|---|---|
| Apply Principle of Least Privilege | MEDIUM | Reduced attack surface, better audit trail | privileges, security, roles, permissions |
Apply Principle of Least Privilege
Grant only the minimum permissions required. Never use superuser for application queries.
Incorrect (overly broad permissions):
-- Application uses superuser connection
-- Or grants ALL to application role
grant all privileges on all tables in schema public to app_user;
grant all privileges on all sequences in schema public to app_user;
-- Any SQL injection becomes catastrophic
-- drop table users; cascades to everything
Correct (minimal, specific grants):
-- Create role with no default privileges
create role app_readonly nologin;
-- Grant only SELECT on specific tables
grant usage on schema public to app_readonly;
grant select on public.products, public.categories to app_readonly;
-- Create role for writes with limited scope
create role app_writer nologin;
grant usage on schema public to app_writer;
grant select, insert, update on public.orders to app_writer;
grant usage on sequence orders_id_seq to app_writer;
-- No DELETE permission
-- Login role inherits from these
create role app_user login password 'xxx';
grant app_writer to app_user;
Revoke public defaults:
-- Revoke default public access
revoke all on schema public from public;
revoke all on all tables in schema public from public;
Reference: Roles and Privileges