Re: How to deny remote backups ? - Mailing list pgsql-admin

From Michael Fuhr
Subject Re: How to deny remote backups ?
Date
Msg-id 20050304170057.GA44195@winnie.fuhr.org
Whole thread Raw
In response to Re: How to deny remote backups ?  (juanmime@ono.com)
List pgsql-admin
On Fri, Mar 04, 2005 at 05:33:02PM +0100, juanmime@ono.com wrote:

> OK. but I think that an aproximation to the solution or a half solution could
> be deny the user consulting the system database catalog or (pg_tables). In
> that case,  the user is not able to know the name of the tables inside the
> db, and therefore he does not know which are the tables to dump. I think
> also, that pg_dump could fail at this scenario.

Users presumably already know about the tables they're allowed to
SELECT from -- otherwise how would they know to query them?  So in
that case, protecting the system catalogs wouldn't help.  And for
the tables that users don't know about but could discover through
the system catalogs, if the users don't have SELECT privileges then
they won't be able to dump those tables anyway.

What problem are you really trying to solve?  If you want to hide
the fact that certain tables exist, then maybe you could put them
in a separate database and use a mechanism involving dblink with
views and/or functions to control access to them.

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/

pgsql-admin by date:

Previous
From: juanmime@ono.com
Date:
Subject: Re: How to deny remote backups ?
Next
From: Bruno Wolff III
Date:
Subject: Re: How to deny remote backups ?