以最小特权运行Heroku Postgres [英] Running Heroku Postgres with least privilege

问题描述

我可以通过网络/应用程序连接到Heroku Postgres数据库，而不会有丢掉表的风险吗？我为第三方构建Heroku应用程序它使用Heroku Postgres作为后端。第三方对安全性非常敏感，所以我正在考虑在整个应用程序中应用分层安全性。例如，在Web /应用程序层检查SQL注入攻击。应用分层安全方法时，我还应该保护数据库以防潜在的SQL注入攻击丢失，这可能会丢失数据库表。

在其他系统中，在数据库中至少会建立两个用户。首先，创建/删除表，索引，触发器等的数据库管理员以及比只能插入和更新记录的数据库管理员的权限少的应用程序用户。

在Heroku Postgres设置中，似乎没有办法创建具有较低特权的另一个用户（没有drop table选项）。因此，应用程序必须与默认的Heroku Postgres用户连接，因此可能存在drop table的风险。

我运行的是Heroku Postgres Crane插件。

有没有人提出过这个问题，或者在这种情况下有任何创造性的解决方法？

解决方案

使用Heroku Postgres，您只有一个帐户可以连接。这种类型的功能确实存在的一个选择是在Heroku Postgres上创建一个追随者。一个追随者是异步保持最新的（通常只有一秒左右的时间）并且是只读的。这将允许您将访问权限授予那些需要它的人员，同时不向他们提供领导者db的详细信息。

Can I connect to a Heroku Postgres database via an web/application without the risk of dropping a table?

I'm building a Heroku application for a third party which uses Heroku Postgres for the backend. The third party are very security sensitive so I'm looking at applying "Layered security" throughout the application. So for example checking for SQL injection attacks at the web/application layer. Applying a "Layered security" approach I should also secure the database in case a potential SQL injection attack is missed, which might drop a database table.

In other systems I have built there would be a minimum of two users in the database. Firstly the database administrator who creates/drops tables, index, triggers, etc and the application user who would run with less privileges than the database administrator who could only insert and update records for example.

Within the Heroku Postgres setup there doesn't appear to be a way to create another user with less privileges (without the "drop table" option). So the application must connect with the default Heroku Postgres user and therefore the risk of a "drop table" might exist.

I'm running the Heroku Postgres Crane add-on.

Has anyone come up against this or got any creative work arounds for this scenario?

解决方案

With Heroku Postgres you do only have a single account to connect with. One option that does exist for this type of functionality is to create a follower on Heroku Postgres. A follower is asynchronously kept up to date (usually only a second or so behind) and is read only. This would allow you to grant access to the follower to those that need it while not providing them with the details for the leader db.

这篇关于以最小特权运行Heroku Postgres的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！