Re: create table permission - Mailing list pgsql-admin
| From | Heni Lolov |
|---|---|
| Subject | Re: create table permission |
| Date | |
| Msg-id | 20020619084023.35932.qmail@web21008.mail.yahoo.com Whole thread Raw |
| In response to | Re: create table permission (Rasmus Mohr <rmo@Netpointers.com>) |
| List | pgsql-admin |
What about a cycle taht does: create table table1(....); create table table2(....); .................... create table tableN(....); and another: insert into table1 values(.....); insert into table2 values(.....); .................... insert into tablen values(.....); And so on till out fo disk spoace occurs. This could be done by even the most restricted users taht can access the database. Isn't is a huge and obvious secyrity hole? Hal --- Rasmus Mohr <rmo@Netpointers.com> wrote: > What 'bout: > > REVOKE ALL ON "table_name" FROM PUBLIC; > GRANT ALL ON "table_name" TO "postgres"; > GRANT SELECT ON "table_name" TO "select_user"; > > ??? > > -------------------------------------------------------------- > Rasmus T. Mohr Direct : +45 36 910 122 > Application Developer Mobile : +45 28 731 827 > Netpointers Intl. ApS Phone : +45 70 117 117 > Vestergade 18 B Fax : +45 70 115 115 > 1456 Copenhagen K Email : mailto:rmo@netpointers.com > Denmark Website : http://www.netpointers.com > > "Remember that there are no bugs, only undocumented features." > -------------------------------------------------------------- > > > -----Original Message----- > > From: pgsql-admin-owner@postgresql.org > > [mailto:pgsql-admin-owner@postgresql.org]On Behalf Of Heni Lolov > > Sent: Wednesday, June 19, 2002 10:17 AM > > To: pgsql-admin@postgresql.org > > Subject: Re: [ADMIN] create table permission > > > > > > Hi, > > > > This is the nost stupid thing in PostgreSQL, but there is no > > CREATE TABLE > > privilege :((((((( > > Everybody CAN create tables. Unfortunately it will not be > > inplemented even in > > Pg 7.3 according to TODO list. The developers do not consider > > it as important > > feature. In my opinion this is the most obvious security hole > > in PostgreSQL. > > Really Stupid but FACT!!!!! > > > > HEY PEOPLE WILL YOU EVER FIX IT? > > > > Hal > > > > --- bertdd@lumumba.luc.ac.be wrote: > > > How can I give SELECT privileges to a table of a database > > without giving > > > CREATE TABLE privileges to that database ? > > > > > > Bert De Decker > > > > > > > > > ---------------------------(end of > > broadcast)--------------------------- > > > TIP 6: Have you searched our list archives? > > > > > > http://archives.postgresql.org > > > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! - Official partner of 2002 FIFA World Cup > > http://fifaworldcup.yahoo.com > > > > ---------------------------(end of > > broadcast)--------------------------- > > TIP 6: Have you searched our list archives? > > > > http://archives.postgresql.org > > > > __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
pgsql-admin by date: