Skip to content

Commit

Permalink
added security to guest_user
Browse files Browse the repository at this point in the history
  • Loading branch information
svpolonsky committed Dec 12, 2023
1 parent 02925c1 commit b46686e
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 9 deletions.
1 change: 1 addition & 0 deletions zkbenchmark-docker/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ services:
build: .
environment:
POSTGRES_PASSWORD: ${INGO_BENCHMARKS_DB_PASSWORD}
GUEST_PASSWORD: ${INGO_BENCHMARKS_GUEST_USER_PASSWORD}
ports:
- "5432:5432"
volumes:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,16 @@

-- Create a guest_user with read-only privileges and no password

CREATE USER guest_user WITH
LOGIN -- Allows the user to log in
NOSUPERUSER -- Ensures the user is not a superuser
NOCREATEDB -- Prevents the user from creating databases
NOCREATEROLE -- Prevents the user from creating roles
INHERIT -- Allows the user to inherit roles
NOREPLICATION -- Prevents the user from replicating data
CONNECTION LIMIT -1; -- Sets an unlimited connection limit
-- CREATE USER guest_user WITH
-- LOGIN -- Allows the user to log in
-- NOSUPERUSER -- Ensures the user is not a superuser
-- NOCREATEDB -- Prevents the user from creating databases
-- NOCREATEROLE -- Prevents the user from creating roles
-- INHERIT -- Allows the user to inherit roles
-- NOREPLICATION -- Prevents the user from replicating data
-- CONNECTION LIMIT -1; -- Sets an unlimited connection limit

CREATE USER guest_user WITH PASSWORD '$GUEST_PASSWORD';

-- Grant read-only privileges to the user on a specific database 'ingo_benchmarks'
GRANT CONNECT ON DATABASE ingo_benchmarks TO guest_user;
Expand Down
2 changes: 1 addition & 1 deletion zkbenchmark-docker/pg_hba.conf
Original file line number Diff line number Diff line change
Expand Up @@ -127,4 +127,4 @@ host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust

#host all all all scram-sha-256
host all all 0.0.0.0/0 trust
host all all 0.0.0.0/0 md5

0 comments on commit b46686e

Please sign in to comment.