@jmealo
jmealo / rls-security-multi-tennant.md
Last active June 20, 2019 17:34
How to safely allow arbitrary SQL queries in multi-tenant web applications

Can we use PostgreSQL's row-level security (RLS) to let users of a secure multi-tenant web application run arbitrary SQL queries?

Can we break out and access another tenant's information?

No. Tenant isolation is handled with schemas, ownership and roles (users); RLS plays no part in keeping tenants apart. That is what lets us hand out SQL accounts that can run arbitrary queries without leaking data between tenants. The usual conditions apply to those accounts: not a superuser, no BYPASSRLS, no membership in another tenant's roles, no privileges on another tenant's schema, and no CREATE on a shared schema such as public where other tenants' sessions resolve unqualified names.

How can we protect against role or privilege escalation within a tenant?

Consider an application that has 3 user types (roles):

CREATE OR REPLACE FUNCTION refresh_materialized_views() RETURNS VOID
AS
$body$
DECLARE
    stmts text;
BEGIN
    -- Build one "REFRESH MATERIALIZED VIEW a; REFRESH MATERIALIZED VIEW b" string
    -- from every materialized view in pg_class (relkind 'm').
    SELECT string_agg('REFRESH MATERIALIZED VIEW ' || oid::regclass::text, '; ')
      INTO stmts
      FROM pg_class
     WHERE relkind = 'm';
    -- string_agg over zero rows is NULL, and EXECUTE NULL raises an error, so skip that case.
    IF stmts IS NOT NULL THEN
        EXECUTE stmts;
    END IF;
    RETURN;
END;
$body$ LANGUAGE plpgsql;
-- SECURITY INVOKER (the default) is deliberate: REFRESH requires owning the view, so a
-- tenant role calling this can only refresh its own views. Do not make it SECURITY DEFINER.
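The within-tenant setup the two questions above describe, as an added example that is not part of the gist: one tenant schema owned by a NOLOGIN role, three login roles that own nothing and cannot create objects, and RLS policies keyed on current_user rather than on a session setting an arbitrary-SQL user could overwrite. The schema, role and table names (tenant_a, tenant_a_owner, tenant_a_admin, tenant_a_staff, tenant_a_reader, invoices) are assumed for illustration. RLS and FORCE ROW LEVEL SECURITY need PostgreSQL 9.5 or later; run the script as a superuser.

```sql
-- Added example, not from the gist. All names below are assumed for illustration.
-- One tenant: schema tenant_a, owned by a role nobody can log in as.
CREATE SCHEMA tenant_a;
CREATE ROLE tenant_a_owner NOLOGIN;
ALTER SCHEMA tenant_a OWNER TO tenant_a_owner;

-- Three in-tenant roles that get handed out as SQL accounts.
-- None is a superuser, none can bypass RLS, none can create roles or databases.
CREATE ROLE tenant_a_admin  LOGIN NOSUPERUSER NOBYPASSRLS NOCREATEROLE NOCREATEDB;
CREATE ROLE tenant_a_staff  LOGIN NOSUPERUSER NOBYPASSRLS NOCREATEROLE NOCREATEDB;
CREATE ROLE tenant_a_reader LOGIN NOSUPERUSER NOBYPASSRLS NOCREATEROLE NOCREATEDB;

-- Tenant isolation: only tenant_a roles can resolve names in tenant_a, and nobody
-- can plant objects in public for other sessions to pick up through search_path.
REVOKE ALL ON SCHEMA tenant_a FROM PUBLIC;
GRANT USAGE ON SCHEMA tenant_a TO tenant_a_admin, tenant_a_staff, tenant_a_reader;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Create the table as the owner role so the login roles never own anything.
SET ROLE tenant_a_owner;
CREATE TABLE tenant_a.invoices (
    id         serial  PRIMARY KEY,
    created_by name    NOT NULL DEFAULT current_user,
    amount     numeric NOT NULL,
    approved   boolean NOT NULL DEFAULT false
);
ALTER TABLE tenant_a.invoices ENABLE ROW LEVEL SECURITY;
-- FORCE makes the owner obey the policies too, so an owner session has no back door.
ALTER TABLE tenant_a.invoices FORCE ROW LEVEL SECURITY;

-- Policies keyed on current_user. A login role can only change current_user with
-- SET ROLE to a role it is a member of, whereas a session setting such as
-- current_setting('app.user_id') can be overwritten by anyone who can type SET.
CREATE POLICY admin_all ON tenant_a.invoices
    TO tenant_a_admin USING (true) WITH CHECK (true);
CREATE POLICY staff_own_unapproved ON tenant_a.invoices
    TO tenant_a_staff
    USING (created_by = current_user)
    WITH CHECK (created_by = current_user AND NOT approved);
CREATE POLICY reader_approved_only ON tenant_a.invoices
    FOR SELECT TO tenant_a_reader USING (approved);

-- Table privileges are the first gate; RLS only filters rows the GRANT already allows.
GRANT SELECT, INSERT, UPDATE, DELETE ON tenant_a.invoices TO tenant_a_admin;
GRANT SELECT, INSERT, UPDATE ON tenant_a.invoices TO tenant_a_staff;
GRANT SELECT ON tenant_a.invoices TO tenant_a_reader;
GRANT USAGE ON SEQUENCE tenant_a.invoices_id_seq TO tenant_a_admin, tenant_a_staff;
RESET ROLE;

-- Checks to run before handing out the accounts; each query should return zero rows.
-- 1. No tenant role is a superuser or can bypass RLS.
SELECT rolname FROM pg_roles
 WHERE rolname IN ('tenant_a_admin', 'tenant_a_staff', 'tenant_a_reader')
   AND (rolbypassrls OR rolsuper);
-- 2. Every ordinary table in the tenant schema has RLS enabled and forced.
SELECT relname FROM pg_class
 WHERE relnamespace = 'tenant_a'::regnamespace AND relkind = 'r'
   AND NOT (relrowsecurity AND relforcerowsecurity);
-- 3. Nothing in the schema is owned by a login role.
SELECT relname, relowner::regrole FROM pg_class
 WHERE relnamespace = 'tenant_a'::regnamespace
   AND relowner <> 'tenant_a_owner'::regrole;

-- Walk-through: staff can file an invoice but not approve it; reader sees nothing
-- until an admin sets approved = true.
SET ROLE tenant_a_staff;
INSERT INTO tenant_a.invoices (amount) VALUES (42);
UPDATE tenant_a.invoices SET approved = true;  -- rejected by the staff WITH CHECK clause
RESET ROLE;
SET ROLE tenant_a_reader;
SELECT count(*) FROM tenant_a.invoices;        -- 0 while the row is unapproved
RESET ROLE;
```

The three checks are the ones worth re-running whenever a migration adds a table or role: a new table without ENABLE/FORCE ROW LEVEL SECURITY, or a table accidentally created while connected as a login role, silently removes the in-tenant separation for that table even though cross-tenant isolation is untouched.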
@jmealo
jmealo / output.json
Last active September 30, 2015 15:07
Illuminate API Documentation Scraper
{
"endPoints": {
"Sites": {
"description": "Returns a list of District and School sites.",
"method": "GET",
"urls": [
"https://<subdomain>.illuminateed.com/<root_dir>/rest_server.php/Api/Sites/"
],
"responseExample": [
{
#!/bin/bash
cd /usr/share/postgresql/9.4/tsearch_data
wget https://stop-words.googlecode.com/files/stop-words-collection-2011.11.21.zip
unzip stop-words-collection-2011.11.21.zip
wget http://src.chromium.org/svn/trunk/deps/third_party/hunspell_dictionaries/en_US.dic
wget http://src.chromium.org/svn/trunk/deps/third_party/hunspell_dictionaries/en_US.dic_delta
wget http://src.chromium.org/svn/trunk/deps/third_party/hunspell_dictionaries/en_US.aff -O en_us.affix
# Remove first line
[user]
name = Jeffrey Mealo
email = jeffreymealo@gmail.com
[credential]
helper = osxkeychain
[core]
autocrlf = input
excludesfile = /Users/jmealo/.gitignore_global
@jmealo
jmealo / jsonpp
Created May 25, 2015 23:01
JSON prettifier for the terminal, just pipe to stdin and it'll output formatted JSON
#!/usr/bin/env node
var stdin = process.openStdin();
var data = "";
stdin.on('data', function(chunk) {
  data += chunk;
});
// Once stdin closes, parse the buffered text and re-emit it indented by two spaces.
// JSON.parse throws on invalid input, which makes node exit non-zero.
stdin.on('end', function() {
  process.stdout.write(JSON.stringify(JSON.parse(data), null, 2) + "\n");
});
@jmealo
jmealo / gist:f84d69cfc7d0c0e8489a
Created May 12, 2015 13:16
snippet to fix watcher for PHPStorm EAP 141.1000
// Insert this just after: if (/move/i.test(verb)) { @ line 115
if (file.indexOf('___jb_bak___') !== -1) {
verb = 'PUT';
destination = destination.replace('___jb_bak___', '');
file = destination;
fileStream = fs.createReadStream(file);
headers['Content-Length'] = fs.statSync(file).size;
}
/* Add the following entries to your config.json global ignore:
<html>
<head>
<title>Softphone</title>
<script src="https://code.jquery.com/jquery-2.1.3.min.js"></script>
<script>
$(function() {
var $dialpad = $('#dialpad');
$(document).on('click', '#dialpad,[title="Dialpad"]', function(e) {
e.stopPropagation();

Errors

All error messages should answer:

  • What went wrong.
  • What to do next.

Errors requiring escalation need:

  • Error logging that provides engineering, support and development pertinent information.
@jmealo
jmealo / spread.xml
Last active December 21, 2015 07:18
Spread SMF manifest for the pkgsrc distribution on SmartOS (based on evercity's manifest)
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type='manifest' name='export'>
<service name='network/spread' type='service' version='0'>
<create_default_instance enabled='true'/>
<single_instance/>
<dependency name='fs-local' grouping='require_all' restart_on='none' type='service'>
<service_fmri value='svc:/system/filesystem/local'/>
</dependency>
<dependency name='network-service' grouping='require_all' restart_on='none' type='service'>