[Tile-serving] [openstreetmap/osm2pgsql] Document security practices for multi-user systems (#831)
Paul Norman
notifications at github.com
Wed Mar 21 09:44:21 UTC 2018
The normal osm2pgsql instructions (`createdb && psql -c 'create extension postgis; && osm2pgsql`) are designed for a single-user accessing a database and everyone who has access to that user is trusted. In multi-user environments and production, it's a good idea to restrict access to the minimum necessary.
The doc should cover
- `search_path`, schemas, and protecting against [CVE-2018-1058](https://wiki.postgresql.org/wiki/A_Guide_to_CVE-2018-1058:_Protect_Your_Search_Path#Next_Steps:_How_Can_I_Protect_My_Databases.3F)-like attacks
- Creating a user with the permissions needed to import OSM data
- Creating a user with the permissions needed to use OSM data (e.g. rendering)
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/osm2pgsql/issues/831
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/tile-serving/attachments/20180321/75d381e1/attachment.html>
More information about the Tile-serving
mailing list