Skip site navigation (1) Skip section navigation (2)

Re: Increasing security in a shared environment ...

From: "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Increasing security in a shared environment ...
Date: 2004-03-29 17:20:59
Message-ID: 20040329131819.B51637@ganymede.hub.org (view raw or flat)
Thread:
Lists: pgsql-hackers
On Mon, 29 Mar 2004, Andrew Dunstan wrote:

> My previous answer to this question has been "use a middleware layer
> that exposes just the operations you want exposed". But this issue has
> come up a few times so maybe some more thought is needed. Of course, we
> are only talking about metadata here, not user table contents, but maybe
> some people have a justifiable need to hide even the metadata.

You could almost look at it from a security perspective ... if any user
can see all databases, then its simple enough to try and connect to them
all and see which ones are open ... its not hard to 'mis-configure'
pg_hba.conf without realizing it, leaving things open when you meant for
them to be closed ... it would be an added layer of protection ...

Does anyone know how ppl like Oracle handle this?  Are system catalogs
like this open to all users?

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy(at)hub(dot)org           Yahoo!: yscrappy              ICQ: 7615664

In response to

pgsql-hackers by date

Next:From: Dave PageDate: 2004-03-29 18:11:13
Subject: Re: Increasing security in a shared environment ...
Previous:From: Andrew DunstanDate: 2004-03-29 17:09:01
Subject: Re: Increasing security in a shared environment ...

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group