Thread: create table permission
How can I give SELECT privileges to a table of a database without giving CREATE TABLE privileges to that database ? Bert De Decker
bertdd@lumumba.luc.ac.be wrote: > How can I give SELECT privileges to a table of a database without giving > CREATE TABLE privileges to that database ? You can't. In 7.3, you will be able to. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
Hi, This is the nost stupid thing in PostgreSQL, but there is no CREATE TABLE privilege :((((((( Everybody CAN create tables. Unfortunately it will not be inplemented even in Pg 7.3 according to TODO list. The developers do not consider it as important feature. In my opinion this is the most obvious security hole in PostgreSQL. Really Stupid but FACT!!!!! HEY PEOPLE WILL YOU EVER FIX IT? Hal --- bertdd@lumumba.luc.ac.be wrote: > How can I give SELECT privileges to a table of a database without giving > CREATE TABLE privileges to that database ? > > Bert De Decker > > > ---------------------------(end of broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
What 'bout: REVOKE ALL ON "table_name" FROM PUBLIC; GRANT ALL ON "table_name" TO "postgres"; GRANT SELECT ON "table_name" TO "select_user"; ??? -------------------------------------------------------------- Rasmus T. Mohr Direct : +45 36 910 122 Application Developer Mobile : +45 28 731 827 Netpointers Intl. ApS Phone : +45 70 117 117 Vestergade 18 B Fax : +45 70 115 115 1456 Copenhagen K Email : mailto:rmo@netpointers.com Denmark Website : http://www.netpointers.com "Remember that there are no bugs, only undocumented features." -------------------------------------------------------------- > -----Original Message----- > From: pgsql-admin-owner@postgresql.org > [mailto:pgsql-admin-owner@postgresql.org]On Behalf Of Heni Lolov > Sent: Wednesday, June 19, 2002 10:17 AM > To: pgsql-admin@postgresql.org > Subject: Re: [ADMIN] create table permission > > > Hi, > > This is the nost stupid thing in PostgreSQL, but there is no > CREATE TABLE > privilege :((((((( > Everybody CAN create tables. Unfortunately it will not be > inplemented even in > Pg 7.3 according to TODO list. The developers do not consider > it as important > feature. In my opinion this is the most obvious security hole > in PostgreSQL. > Really Stupid but FACT!!!!! > > HEY PEOPLE WILL YOU EVER FIX IT? > > Hal > > --- bertdd@lumumba.luc.ac.be wrote: > > How can I give SELECT privileges to a table of a database > without giving > > CREATE TABLE privileges to that database ? > > > > Bert De Decker > > > > > > ---------------------------(end of > broadcast)--------------------------- > > TIP 6: Have you searched our list archives? > > > > http://archives.postgresql.org > > > __________________________________________________ > Do You Yahoo!? > Yahoo! - Official partner of 2002 FIFA World Cup > http://fifaworldcup.yahoo.com > > ---------------------------(end of > broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org > >
What about a cycle taht does: create table table1(....); create table table2(....); .................... create table tableN(....); and another: insert into table1 values(.....); insert into table2 values(.....); .................... insert into tablen values(.....); And so on till out fo disk spoace occurs. This could be done by even the most restricted users taht can access the database. Isn't is a huge and obvious secyrity hole? Hal --- Rasmus Mohr <rmo@Netpointers.com> wrote: > What 'bout: > > REVOKE ALL ON "table_name" FROM PUBLIC; > GRANT ALL ON "table_name" TO "postgres"; > GRANT SELECT ON "table_name" TO "select_user"; > > ??? > > -------------------------------------------------------------- > Rasmus T. Mohr Direct : +45 36 910 122 > Application Developer Mobile : +45 28 731 827 > Netpointers Intl. ApS Phone : +45 70 117 117 > Vestergade 18 B Fax : +45 70 115 115 > 1456 Copenhagen K Email : mailto:rmo@netpointers.com > Denmark Website : http://www.netpointers.com > > "Remember that there are no bugs, only undocumented features." > -------------------------------------------------------------- > > > -----Original Message----- > > From: pgsql-admin-owner@postgresql.org > > [mailto:pgsql-admin-owner@postgresql.org]On Behalf Of Heni Lolov > > Sent: Wednesday, June 19, 2002 10:17 AM > > To: pgsql-admin@postgresql.org > > Subject: Re: [ADMIN] create table permission > > > > > > Hi, > > > > This is the nost stupid thing in PostgreSQL, but there is no > > CREATE TABLE > > privilege :((((((( > > Everybody CAN create tables. Unfortunately it will not be > > inplemented even in > > Pg 7.3 according to TODO list. The developers do not consider > > it as important > > feature. In my opinion this is the most obvious security hole > > in PostgreSQL. > > Really Stupid but FACT!!!!! > > > > HEY PEOPLE WILL YOU EVER FIX IT? > > > > Hal > > > > --- bertdd@lumumba.luc.ac.be wrote: > > > How can I give SELECT privileges to a table of a database > > without giving > > > CREATE TABLE privileges to that database ? > > > > > > Bert De Decker > > > > > > > > > ---------------------------(end of > > broadcast)--------------------------- > > > TIP 6: Have you searched our list archives? > > > > > > http://archives.postgresql.org > > > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! - Official partner of 2002 FIFA World Cup > > http://fifaworldcup.yahoo.com > > > > ---------------------------(end of > > broadcast)--------------------------- > > TIP 6: Have you searched our list archives? > > > > http://archives.postgresql.org > > > > __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
This ain't a bug! This is lack of an inportant reature feature. --- Rasmus Mohr <rmo@Netpointers.com> wrote: > Hmmm you may be right, i can't really tell. Did you submit this as a bug? > > -------------------------------------------------------------- > Rasmus T. Mohr Direct : +45 36 910 122 > Application Developer Mobile : +45 28 731 827 > Netpointers Intl. ApS Phone : +45 70 117 117 > Vestergade 18 B Fax : +45 70 115 115 > 1456 Copenhagen K Email : mailto:rmo@netpointers.com > Denmark Website : http://www.netpointers.com > > "Remember that there are no bugs, only undocumented features." > -------------------------------------------------------------- > > > -----Original Message----- > > From: Heni Lolov [mailto:hal_bg@yahoo.com] > > Sent: Wednesday, June 19, 2002 10:40 AM > > To: Rasmus Mohr > > Subject: RE: [ADMIN] create table permission > > > > > > What about > > a cycle taht does: > > create table table1(....); > > create table table2(....); > > .................... > > create table tableN(....); > > > > and another: > > insert into table1 values(.....); > > insert into table2 values(.....); > > .................... > > insert into tablen values(.....); > > > > And so on till out fo disk spoace occurs. > > This could be done by even the most restricted users taht can > > access the > > database. > > > > Isn't is a huge and obvious secyrity hole? > > > > Hal > > > > --- Rasmus Mohr <rmo@Netpointers.com> wrote: > > > What 'bout: > > > > > > REVOKE ALL ON "table_name" FROM PUBLIC; > > > GRANT ALL ON "table_name" TO "postgres"; > > > GRANT SELECT ON "table_name" TO "select_user"; > > > > > > ??? > > > > > > -------------------------------------------------------------- > > > Rasmus T. Mohr Direct : +45 36 910 122 > > > Application Developer Mobile : +45 28 731 827 > > > Netpointers Intl. ApS Phone : +45 70 117 117 > > > Vestergade 18 B Fax : +45 70 115 115 > > > 1456 Copenhagen K Email : mailto:rmo@netpointers.com > > > Denmark Website : http://www.netpointers.com > > > > > > "Remember that there are no bugs, only undocumented features." > > > -------------------------------------------------------------- > > > > > > > -----Original Message----- > > > > From: pgsql-admin-owner@postgresql.org > > > > [mailto:pgsql-admin-owner@postgresql.org]On Behalf Of Heni Lolov > > > > Sent: Wednesday, June 19, 2002 10:17 AM > > > > To: pgsql-admin@postgresql.org > > > > Subject: Re: [ADMIN] create table permission > > > > > > > > > > > > Hi, > > > > > > > > This is the nost stupid thing in PostgreSQL, but there is no > > > > CREATE TABLE > > > > privilege :((((((( > > > > Everybody CAN create tables. Unfortunately it will not be > > > > inplemented even in > > > > Pg 7.3 according to TODO list. The developers do not consider > > > > it as important > > > > feature. In my opinion this is the most obvious security hole > > > > in PostgreSQL. > > > > Really Stupid but FACT!!!!! > > > > > > > > HEY PEOPLE WILL YOU EVER FIX IT? > > > > > > > > Hal > > > > > > > > --- bertdd@lumumba.luc.ac.be wrote: > > > > > How can I give SELECT privileges to a table of a database > > > > without giving > > > > > CREATE TABLE privileges to that database ? > > > > > > > > > > Bert De Decker > > > > > > > > > > > > > > > ---------------------------(end of > > > > broadcast)--------------------------- > > > > > TIP 6: Have you searched our list archives? > > > > > > > > > > http://archives.postgresql.org > > > > > > > > > > > > __________________________________________________ > > > > Do You Yahoo!? > > > > Yahoo! - Official partner of 2002 FIFA World Cup > > > > http://fifaworldcup.yahoo.com > > > > > > > > ---------------------------(end of > > > > broadcast)--------------------------- > > > > TIP 6: Have you searched our list archives? > > > > > > > > http://archives.postgresql.org > > > > > > > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! - Official partner of 2002 FIFA World Cup > > http://fifaworldcup.yahoo.com > > > > __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
Heni Lolov wrote: > Hi, > > This is the nost stupid thing in PostgreSQL, but there is no CREATE TABLE > privilege :((((((( > Everybody CAN create tables. Unfortunately it will not be inplemented even in > Pg 7.3 according to TODO list. The developers do not consider it as important > feature. In my opinion this is the most obvious security hole in PostgreSQL. > Really Stupid but FACT!!!!! > > HEY PEOPLE WILL YOU EVER FIX IT? Yes, it is stupid. It should have been fixed a long time ago. It will be fixed in 7.3. I had not marked it as fixed in 7,3 on TODO but I will right now. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 853-3000 + If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania 19026
--- Bruce Momjian <pgman@candle.pha.pa.us> wrote: > Heni Lolov wrote: > > Hi, > > > > This is the nost stupid thing in PostgreSQL, but > there is no CREATE TABLE > > privilege :((((((( > > Everybody CAN create tables. Unfortunately it will > not be inplemented even in > > Pg 7.3 according to TODO list. The developers do > not consider it as important > > feature. In my opinion this is the most obvious > security hole in PostgreSQL. > > Really Stupid but FACT!!!!! > > > > HEY PEOPLE WILL YOU EVER FIX IT? > > Yes, it is stupid. It should have been fixed a long > time ago. It will > be fixed in 7.3. I had not marked it as fixed in > 7,3 on TODO but I will > right now. > > -- > Bruce Momjian | > http://candle.pha.pa.us > pgman@candle.pha.pa.us | (610) > 853-3000 > + If your life is a hard drive, | 830 Blythe > Avenue > + Christ can be your backup. | Drexel > Hill, Pennsylvania 19026 > > ---------------------------(end of > broadcast)--------------------------- > TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org ===== bbye - ashwini __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
Thanks! We've waited so long..... Hal --- Bruce Momjian <pgman@candle.pha.pa.us> wrote: > Heni Lolov wrote: > > Hi, > > > > This is the nost stupid thing in PostgreSQL, but there is no CREATE TABLE > > privilege :((((((( > > Everybody CAN create tables. Unfortunately it will not be inplemented even > in > > Pg 7.3 according to TODO list. The developers do not consider it as > important > > feature. In my opinion this is the most obvious security hole in > PostgreSQL. > > Really Stupid but FACT!!!!! > > > > HEY PEOPLE WILL YOU EVER FIX IT? > > Yes, it is stupid. It should have been fixed a long time ago. It will > be fixed in 7.3. I had not marked it as fixed in 7,3 on TODO but I will > right now. > > -- > Bruce Momjian | http://candle.pha.pa.us > pgman@candle.pha.pa.us | (610) 853-3000 > + If your life is a hard drive, | 830 Blythe Avenue > + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 > > ---------------------------(end of broadcast)--------------------------- > TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com