Skip site navigation (1) Skip section navigation (2)

Revoking usage of pg_catalog

From: "Daniel Cristian Cruz" <danielcristian(at)gmail(dot)com>
To: pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Revoking usage of pg_catalog
Date: 2007-05-09 13:05:21
Message-ID: 48d0cacb0705090605i4c1c2107s2186c52468e07d46@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-admin
Hi there!

Is it possible to revoke usage of pg_catalog for a specific user?

The reason is to secure PostgreSQL. If a user can connect to a database, it
could query pg_class, pg_attribute, pg_proc search for specific tables and
if using dblink, even database passwords...

I just made a test, revoking usage of pg_catalog from PUBLIC, but tables are
still available through "SELECT * FROM pg_class", but not through "SELECT *
FROM pg_catalog.pg_class". I found in manual, where it says pg_catalog is
searched before any schema on search_path...

If schema pg_catalog became blocked, PostgreSQL could be used? Could it be
possible to made queries on allowed schemas and tables? This could be an
item for the wishlist?

Kind regards,
-- 
Daniel Cristian Cruz

Responses

pgsql-admin by date

Next:From: gap.mailinglistsDate: 2007-05-09 14:00:14
Subject: Copying schemas between databases
Previous:From: Thomas MarkusDate: 2007-05-09 11:50:07
Subject: Re: infinite blocking statements in 8.2.3

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group