Postgres Security Tips

Hi, we are using Postgres for our web app. The default installation you do has a super user and password. We can use that on our admin tools for back-end admin, but we're wondering how tight the security initially is with users/database access, and whether you have any tips for us on making the database for our app secure.

For example, I see by default there are users called postgres, public, pythonanywhere_helper, and super. Is it OK to leave each of these users as is?

My thought is we'll create the database for our app and then create a specific user that has all privileges on that database. Would that mean that only that new user and the super user have full access to this app's database?

Thanks

I'm not a Postgres security expert, but that sounds right to me. Definitely it's going to be safer to have per-app databases and users rather than using the superuser for everything.

The DBA Stack Exchange Q&A site will probably be able to give you a more definitive answer, though. The only difference between a Postgres instance on PythonAnywhere and any other is the pythonanywhere_helper user that you've already noticed; that one is only needed if you want to be able to set the superuser password from the PythonAnywhere web interface.

I guess my follow-up question would be: with the setup we initially get from you, would any other PythonAnywhere user who was able to guess our hostname be able to use any default username and default password that is a default Postgres setting to see our database? Or are all the Postgres usernames given passwords that are unique to our instance?

i.e. the users named postgres, pythonanywhere_helper, and public... do these get set up with "default" passwords that anybody could use to access our databases?

Thanks

The pythonanywhere_helper user's password is randomly generated when you create your Postgres database, so it's unique to your instance.

The super user is created when you first set the superuser password from the PythonAnywhere web interface, so it's as secure as you make it.

Regarding the other users... again, I'm not an expert in Postgres security. I believe that "public" isn't a real user, so you can't log in as it. The user postgres is, as I understand it (e.g. see here), by default set up to not have password-based access at all. It can only be accessed if you are logged in to the specific machine where Postgres is running, as a Unix user called "postgres". And your Postgres instance isn't a full Unix machine, so no one can log in to it as postgres.
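
A sketch of the per-app setup discussed in this thread, added here as an example and not posted by any participant. The names `myapp` and `myapp_user` and the password are placeholders; it assumes you run it as the superuser created from the PythonAnywhere web interface.

```sql
-- 1. Audit the roles that exist: which can log in, which are superusers.
--    (Predefined pg_* roles are filtered out; PUBLIC is not a role, so it
--    does not appear here.)
SELECT rolname, rolcanlogin, rolsuper, rolcreatedb, rolcreaterole
FROM pg_roles
WHERE rolname NOT LIKE 'pg\_%'
ORDER BY rolname;

-- 2. Dedicated login role for the app, with no administrative attributes.
CREATE ROLE myapp_user LOGIN
    NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'replace-with-a-long-random-password';

-- 3. Per-app database owned by that role. The owner has all privileges on it.
CREATE DATABASE myapp OWNER myapp_user;

-- 4. A new database grants CONNECT and TEMPORARY to PUBLIC (every role) by
--    default, so "all privileges for one user" does not by itself exclude
--    other login roles. Remove the PUBLIC grant; the owner keeps its rights.
REVOKE ALL ON DATABASE myapp FROM PUBLIC;

-- 5. Connect to myapp first (in psql: \c myapp), then stop every role from
--    creating objects in the public schema. Before PostgreSQL 15 PUBLIC has
--    this right by default; on 15 and later the statement is a no-op.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CREATE, USAGE ON SCHEMA public TO myapp_user;

-- 6. Verify: which login roles can still connect to the app database?
--    Superusers always report true; everything else should be false except
--    myapp_user.
SELECT rolname,
       rolsuper,
       has_database_privilege(rolname, 'myapp', 'CONNECT') AS can_connect
FROM pg_roles
WHERE rolcanlogin
ORDER BY rolname;

-- 7. Inspect the resulting ACL on the database (NULL would mean defaults).
SELECT datname, datacl FROM pg_database WHERE datname = 'myapp';
```

Point the web app at `myapp_user` and keep the superuser credentials for admin tools only.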