如何解决 pg_cron 引起的安全问题?
[英]How do i solve the security problems caused by pg_cron?
问题描述
I am using pg_cron to schedule a task which should be repeated every 1 hour.
我正在使用 pg_cron 来安排一个应该每 1 小时重复一次的任务。 I have installed and using this inside a docker environment inside the postgres container.我已经在 postgres 容器内的 docker 环境中安装并使用了它。 And I am calling the query to create this job using python from a different container.我正在调用查询以使用来自不同容器的 python 创建此作业。
I can see that job is created successfully but is not being executed due to lack of permission since the pg_hba.conf is not set to trust or due to no.pgpass file.我可以看到作业已成功创建,但由于 pg_hba.conf 未设置为 trust 或由于 no.pgpass 文件而导致缺少权限而未执行。
But if I enable any of those both, anyone can enter into database by using docker exec and do psql in the container.但是,如果我启用这两者中的任何一个,任何人都可以使用 docker exec 进入数据库并在容器中执行 psql。
Is there anyway to avoid this security issue???有没有办法避免这个安全问题??? Since in production environment it should not be allowed for anyone to enter into the database without a password.由于在生产环境中,不应允许任何人在没有密码的情况下进入数据库。
1 个解决方案
解决方案1
0 2019-11-11 07:00:32
Either keep people from running docker exec on the container or use something else than pg_cron .要么阻止人们在容器上运行docker exec ,要么使用pg_cron以外的其他东西。
I would feel nervous if random people were allowed to run docker exec on the container with my database or my job scheduler in it.如果允许随机人员在包含我的数据库或作业调度程序的容器上运行docker exec ,我会感到紧张。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.