On Sun, Feb 10, 2019 at 03:19:48PM -0800, Paul Jungwirth wrote:
> On 2/10/19 2:57 PM, auxsvr wrote:
> >We'd like to configure an RDS server for shared hosting. The idea is that every customer will be using a different
databaseand FDW will be configured, so that the remote tables have access to the full data
>
> I've set up something like this before (but on EC2), and the only problem I
> couldn't solve was that any user can see your full customer list by typing
> `\l` or `\du`. They can't see other customers' stuff, but they can see how
> many customers you have and their database/login names. The only way around
> it I know is that run separate "clusters" aka RDS instances.
>
> You can try to lock this down somewhat by revoking access to various system
> tables, but it starts breaking a lot of tools (e.g. some GUI tools don't
> know what to do if they get an error just listing the databases). Also it is
> so piecemeal I wouldn't trust that I'd blocked off all avenues of getting
> the information.
>
> I'd love to be corrected on this btw if anyone has better information! :-)
Heroku had that issue and used hash values for the user and database
names.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +