On Sat, Jun 1, 2024 at 8:34 PM Dave Page <dp...@pgadmin.org> wrote:
> Akshay, could you or one of the team look into this please? > I am looking into this issue > > Thanks. > > On Fri, 31 May 2024 at 23:27, Qasim Tahir <qasimtahir....@gmail.com> > wrote: > >> Hi, >> Platform and package details are below >> >> Platform: *Rocky 8.9* >> *pgadmin *version*: 8.7* >> >> Regards >> Qasim >> >> On Sat, Jun 1, 2024 at 3:09 AM Dave Page <dp...@pgadmin.org> wrote: >> >>> Hi >>> >>> On Thu, 30 May 2024 at 23:17, Qasim Tahir <qasimtahir....@gmail.com> >>> wrote: >>> >>>> Dear PgAdmin Community, >>>> >>>> I am writing to report a potential security issue with the permissions >>>> set in the PgAdmin installation directory. >>>> >>>> After installing PgAdmin, I observed that several directories, >>>> including 'bin', 'venv', and 'web', have 775 permissions. Here are the >>>> details of the directory permissions: >>>> [image: image.png] >>>> >>>> Given the broad access provided by 775 permissions, there is a concern >>>> about the potential for unauthorized access or modifications. >>>> >>>> >>>> I would like to ask if these permissions are necessary for PgAdmin's >>>> operation or if they could be tightened to enhance security. >>>> >>>> Your guidance on this matter would be greatly appreciated. >>>> >>>> Thank you for your attention to this issue. >>>> >>> >>> What platform and package is this exactly? >>> >>> -- >>> Dave Page >>> pgAdmin: https://www.pgadmin.org >>> PostgreSQL: https://www.postgresql.org >>> EDB: https://www.enterprisedb.com >>> >>> > > -- > Dave Page > pgAdmin: https://www.pgadmin.org > PostgreSQL: https://www.postgresql.org > EDB: https://www.enterprisedb.com > >
