Hi to all
I'm mantaining a Postgres installation on an ISP, and I see a relativly
important security issue.
I can connect to postgres with a normal user login and take a look to
the database structure of all the other databases on the installation.
This is very visual with PGadmin. I connect as a simple user, and I
can't create or select data from other's database, but i can see which
databases exists on the system and look at the tables and columns of
each of them (and i don't want it).
I've tried to solve it with:
REVOKE ALL PRIVILEGES ON DATABASE x FROM PUBLIC;
REVOKE ALL PRIVILEGES ON SCHEMA public FROM PUBLIC;
REVOKE ALL PRIVILEGES ON SCHEMA public FROM GROUP users;
...
And I still can to look at the others database structure (connecting as
a non privileged user) ...
How I could solve this?
Thanks
--
********************************************************
Daniel Rubio Rodríguez
********************************************************
