this post was submitted on 17 Jun 2026
137 points (96.6% liked)

Blahaj.zone experienced a security breach and is handling it to properly reduce the risk of harm to their users. The current ETA for their return is in about 7 hours.

[–] WhyJiffie@sh.itjust.works 2 points 2 hours ago

> Use a separate DBMS (that is, a separate postgres/mariasql/etc container) for each service. Give each one service unique passwords, which you can define in the docker compose.

unique passwords are good practice, but a separate db server for each of the services is extreme. it brings much more resource consumption. the solution here is being subscribed to security releases and updating soon. those application kernels also sound like a good idea. and as I understand, postgres permissions were not at fault, the permission system had a bug.

> Even if one application that connects to a database gets owned, it doesn't have access to other postgres databases, preventing data leaks/exfiltration.

except that because of the bug, anyone with query permission could have become postgres superuser.
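
The shared-server setup discussed in this comment, as an added example that is not part of the thread: one Postgres instance with a separate login role, password and database per service. The role names, database names and passwords are placeholders. This separation is enforced by the server's own permission checks, so it covers a compromised application under normal operation but not a privilege-escalation bug in the server itself.

```sql
-- Added example; service names and passwords are constructed placeholders.
-- Run once as a Postgres superuser (for instance through psql).

-- One login role per service, each with its own password and no
-- elevated role attributes.
CREATE ROLE lemmy_app  LOGIN PASSWORD 'CHANGE_ME_lemmy'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION;
CREATE ROLE pictrs_app LOGIN PASSWORD 'CHANGE_ME_pictrs'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION;

-- One database per service, owned by that service's role.
CREATE DATABASE lemmy  OWNER lemmy_app;
CREATE DATABASE pictrs OWNER pictrs_app;

-- By default the PUBLIC pseudo-role may connect to every database,
-- so each service role could open a session on the other's database.
-- Remove that default, then grant CONNECT back explicitly.
REVOKE CONNECT ON DATABASE lemmy  FROM PUBLIC;
REVOKE CONNECT ON DATABASE pictrs FROM PUBLIC;
GRANT  CONNECT ON DATABASE lemmy  TO lemmy_app;
GRANT  CONNECT ON DATABASE pictrs TO pictrs_app;

-- Audit: each service role should be able to connect only to its
-- own database (can_connect = true on two of the four rows).
SELECT d.datname,
       r.rolname,
       has_database_privilege(r.rolname, d.datname, 'CONNECT') AS can_connect
FROM pg_database d
CROSS JOIN pg_roles r
WHERE d.datname IN ('lemmy', 'pictrs')
  AND r.rolname IN ('lemmy_app', 'pictrs_app')
ORDER BY d.datname, r.rolname;

-- Audit: no application role should carry superuser or role-creation rights.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb
FROM pg_roles
WHERE rolname IN ('lemmy_app', 'pictrs_app');
```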