Home > mailing lists

Re: Revoke Public Database Connect - Mailing list pgsql-novice

From	Francisco Leovey
Subject	Re: Revoke Public Database Connect
Date	May 27, 2011 23:05:30
Msg-id	558247.13737.qm@web39304.mail.mud.yahoo.com Whole thread Raw
In response to	Revoke Public Database Connect (Alan Gutierrez <alan@prettyrobots.com>)
Responses	Re: Revoke Public Database Connect ("Lacey L. Powers" <lacey.leanne@gmail.com>)
List	pgsql-novice

Tree view

That is a ridiculous "nanosecond window" - the database you created is empty - nothing to connect to. Just load data AFTER the revoke.

--- On Fri, 5/27/11, Alan Gutierrez <alan@prettyrobots.com> wrote:

From: Alan Gutierrez <alan@prettyrobots.com>
Subject: [NOVICE] Revoke Public Database Connect
To: pgsql-novice@postgresql.org
Date: Friday, May 27, 2011, 2:55 PM

I'm configuring a multi-tenant PostgreSQL server. When I create a new database, anyone can connect to it. For me, that is bad.

I run:

REVOKE CONNECT ON DATABASE d FROM public;

Now I'm only able to connect to the database as postgres.

I tired putting the create and revoke in a transaction, but create database cannot be put in a transaction. How do I create a database so there is not that nanosecond window where someone could connect to the database publiclly?

--
Alan Gutierrez - http://twitter.com/bigeasy - http://github.com/bigeasy

-- Sent via pgsql-novice mailing list (pgsql-novice@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-novice

pgsql-novice by date:

From: Alan Gutierrez
Date: 27 May 2011, 19:40:30
Subject: Revoke Public Database Connect

From: "Lacey L. Powers"
Date: 27 May 2011, 23:39:16
Subject: Re: Revoke Public Database Connect

Re: Revoke Public Database Connect - Mailing list pgsql-novice

Previous

Next