Hi
Again boring admin question:
I found that all users have access to pg_class etc. by default. In my
opinion this causes some security questions or at least can make users
curious about things they should not.
e.g. SELCT * FROM pg_tables where table_name like '%customer_accountings%';
Probably this user should NOT know, that there are some
customer_accountings on this system???
How do you solve this problem?
Would it not be usefull to have some views like all_tables, user_tables
etc. (like a big db company does) for preventing acces to pg_tables (=
dba_tables)?
How is it recommended to revoke the rights to pg_xxx?
REVOKE ALL PRIVS FROM PUBLIC... (like pgdump does)
And then create own access rules?
It seems to me, that e.g. php_mod for apache does not work properly
after this becaus they do NOT find e.g. column names anymore (clear: he
does not have access to pg_tables, etc. anymore!)
Any hint is welcome
Oli
-------------------------------------------------------
Oli Sennhauser
Database-Engineer (Oracle & PostgreSQL)
Rebenweg 6
CH - 8610 Uster / Switzerland
Phone (+41) 1 940 24 82 or Mobile (+41) 79 450 49 14
e-Mail oli.sennhauser@bluewin.ch
Website http://mypage.bluewin.ch/shinguz/PostgreSQL/
Secure (signed/encrypted) e-Mail with a Free Personal SwissSign ID: http://www.swisssign.ch
Import the SwissSign Root Certificate: http://swisssign.net/cgi-bin/trust/import
