id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,branch,changelog,apichanges,internalchanges 5566,Postgresql admin security issue,dannys@…,,"Trac accepts postgres as a database backend using a string such as: postgres://user:password@localhost:port/database The problem is anyone with read access to this trac directory basically has full administrator priveleges, because they can just issue the command ""trac-admin trac_project permission myself TRAC_ADMIN"" Ideally I'd like to grant project administrators with the ability to customize their trac environment and delegate permissions to other users as necessary. (I keep a master authz file to share amongst various projects) But it seems like 'trac-admin' should really be using the local users authentication credentials. And there should be a seperate set of credentials (that I can keep in a protected file) for the trac web interface. This problem most likely extends to mysql and any other database connection type. SQLite is one of the few exceptions since it's entirely file based. I'm using trac-0.10.3.1-2.fc6 and subversion-1.4.3-2.fc6 (on Fedora Core 6, obviously). ",defect,new,normal,next-major-releases,admin/console,0.10.3,normal,,"postgresql, permissions",,,,,