Postgres Pro
Downloads
Home   >   mailing lists

Re: Catalog Security WAS: Views, views, views: Summary - Mailing list pgsql-hackers

From Russell Smith
Subject Re: Catalog Security WAS: Views, views, views: Summary
Date
Msg-id 200505141225.01741.mr-russ@pws.com.au
Whole thread Raw
In response to Re: Catalog Security WAS: Views, views, views: Summary  (Andrew Dunstan <andrew@dunslane.net>)
Responses Re: Catalog Security WAS: Views, views, views: Summary  (Alvaro Herrera <alvherre@surnet.cl>)
Re: Catalog Security WAS: Views, views, views: Summary  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
Tree view 
On Sat, 14 May 2005 04:34 am, Andrew Dunstan wrote:
>
> Andrew - Supernews wrote:
>
> >>
> >>1) The "ISP" case, where you want to hide all catalog information from the
> >>users except the database owner or superuser.
> >>
> >>
> >
> >I don't believe this is ever feasible in practice, since client interfaces
> >at any level higher than libpq will need to access metadata corresponding
> >to the data they are retrieving.
> >
> >
> >
>
> In the general case you might well be right. Following a scheme like I
> have in mind is not something that would be transparent to the
> application - it will probably impose some serious limits on the app.
> The little sample application I did for testing did everything by stored
> procedure. Anyway, as I said, it's a project for the future.
>
From a general user point of view, I do not know the system catalogs very
well. I am very unsure of what level of information is available to every
user on the system.

- Which parts of other databases can be seen by users?
- What is the best method to restrict connections to db's people don't have
permissions to.
- Is there some restrictions you can place on tables people don't have access
too.  Otherwise they can see all the columns and table info.

These are just some of the questions I have, I'm not sure where to get
answers, searching the archives may help, but it's definitely not a final
answer.  Especially since this stuff would be a moving target with each
version change of PostgreSQL.

Tom mentioned that he had not had these security concerns raised before.  From
my point of view I just have no idea about the level of information offered
to any given user and am scared to run PostgreSQL in an ISP shared
environment because of it.  I am sure I can secure people from connecting to
a db by refusing them access in pg_hba.conf.  But I'm unsure of exactly what
that buys me, and what is doesn't.

A hardening script would be helpful, but some clear information on what is
also available to the average user would be good too.  I know I should
probably step up to do this and don't have time at the moment.  I'm sure if I
did, I would also miss a great number of things.

Regards

Russell Smith

pgsql-hackers by date:

Previous
From: "Greg Sabino Mullane"
Date:
Subject: Re: libpq lo_open errors when first action in connection
Next
From: Alvaro Herrera
Date:
Subject: Re: Catalog Security WAS: Views, views, views: Summary