On 05/27/2011 10:55 AM, Alan Gutierrez wrote:
> I'm configuring a multi-tenant PostgreSQL server. When I create a new
> database, anyone can connect to it. For me, that is bad.
>
> I run:
>
> REVOKE CONNECT ON DATABASE d FROM public;
>
> Now I'm only able to connect to the database as postgres.
>
> I tired putting the create and revoke in a transaction, but create
> database cannot be put in a transaction. How do I create a database so
> there is not that nanosecond window where someone could connect to the
> database publiclly?
>
> --
> Alan Gutierrez - http://twitter.com/bigeasy - http://github.com/bigeasy
>
Um, really? Did you set pg_hba.conf to allow such a thing? That would be
bad.
If you, the superuser, create a database a normal user shouldn't be able
to connect to it until you grant them privilege to do so. (Note that
technically speaking anyone can connect to the database - a TCP or
socket connection must be established to even pass the initial
credentials - but PostgreSQL won't let them do anything till they pass
muster.)
It sounds to me like you have bad pg_hba.conf settings, have regular
users who are granted excessive rights, or, perhaps, are creating
databases from a template that has been altered to have loose permissions.
IBM Developer Works has a good article on the subject:
http://www.ibm.com/developerworks/opensource/library/os-postgresecurity/index.html
Cheers,
Steve
