Re: security documentation - Mailing list pgsql-general

From Scott Marlowe
Subject Re: security documentation
Date
Msg-id 1128095478.29347.82.camel@state.g2switchworks.com
Whole thread Raw
In response to Re: security documentation  (jeff sacksteder <jsacksteder@gmail.com>)
List pgsql-general
On Fri, 2005-09-30 at 09:14, jeff sacksteder wrote:
> Are there any data access issues (as opposed to data visibility
> issues)
>         you are having?
>
>
> No, It's just that in a hosting situation where each customer has a
> database of their own, they need to be boxed in somehow. In the event
> of an application bug allowing raw sql to be executed, it's not
> appropriate for them to be able to learn what other databases and
> users exist.

Well, the fact that they're still on the same database cluster is the
real issue then.  If you need true isolation, then each one needs their
own (possibly virtual) server.

No matter how much you might be able to hide the other databases,
they're still there, and issuing an unconstrained join can still pretty
much kill everyone else's performance.

pgsql-general by date:

Previous
From: Martijn van Oosterhout
Date:
Subject: Re: Help with inventory control
Next
From: Gandalf Me
Date:
Subject: Exporting just schema/metadata (w/o data) in Postgres