Akshay, could you or one of the team look into this please? Thanks.
On Fri, 31 May 2024 at 23:27, Qasim Tahir <qasimtahir....@gmail.com> wrote: > Hi, > Platform and package details are below > > Platform: *Rocky 8.9* > *pgadmin *version*: 8.7* > > Regards > Qasim > > On Sat, Jun 1, 2024 at 3:09 AM Dave Page <dp...@pgadmin.org> wrote: > >> Hi >> >> On Thu, 30 May 2024 at 23:17, Qasim Tahir <qasimtahir....@gmail.com> >> wrote: >> >>> Dear PgAdmin Community, >>> >>> I am writing to report a potential security issue with the permissions >>> set in the PgAdmin installation directory. >>> >>> After installing PgAdmin, I observed that several directories, including >>> 'bin', 'venv', and 'web', have 775 permissions. Here are the details of the >>> directory permissions: >>> [image: image.png] >>> >>> Given the broad access provided by 775 permissions, there is a concern >>> about the potential for unauthorized access or modifications. >>> >>> >>> I would like to ask if these permissions are necessary for PgAdmin's >>> operation or if they could be tightened to enhance security. >>> >>> Your guidance on this matter would be greatly appreciated. >>> >>> Thank you for your attention to this issue. >>> >> >> What platform and package is this exactly? >> >> -- >> Dave Page >> pgAdmin: https://www.pgadmin.org >> PostgreSQL: https://www.postgresql.org >> EDB: https://www.enterprisedb.com >> >> -- Dave Page pgAdmin: https://www.pgadmin.org PostgreSQL: https://www.postgresql.org EDB: https://www.enterprisedb.com
