From: | Steve Crawford <scrawford(at)pinpointresearch(dot)com> |
---|---|
To: | Alan Gutierrez <alan(at)prettyrobots(dot)com> |
Cc: | pgsql-novice(at)postgresql(dot)org |
Subject: | Re: Revoke Public Database Connect |
Date: | 2011-05-27 23:43:48 |
Message-ID: | 4DE03734.80608@pinpointresearch.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
On 05/27/2011 10:55 AM, Alan Gutierrez wrote:
> I'm configuring a multi-tenant PostgreSQL server. When I create a new
> database, anyone can connect to it. For me, that is bad.
>
> I run:
>
> REVOKE CONNECT ON DATABASE d FROM public;
>
> Now I'm only able to connect to the database as postgres.
>
> I tired putting the create and revoke in a transaction, but create
> database cannot be put in a transaction. How do I create a database so
> there is not that nanosecond window where someone could connect to the
> database publiclly?
>
> --
> Alan Gutierrez - http://twitter.com/bigeasy - http://github.com/bigeasy
>
Um, really? Did you set pg_hba.conf to allow such a thing? That would be
bad.
If you, the superuser, create a database a normal user shouldn't be able
to connect to it until you grant them privilege to do so. (Note that
technically speaking anyone can connect to the database - a TCP or
socket connection must be established to even pass the initial
credentials - but PostgreSQL won't let them do anything till they pass
muster.)
It sounds to me like you have bad pg_hba.conf settings, have regular
users who are granted excessive rights, or, perhaps, are creating
databases from a template that has been altered to have loose permissions.
IBM Developer Works has a good article on the subject:
http://www.ibm.com/developerworks/opensource/library/os-postgresecurity/index.html
Cheers,
Steve
From | Date | Subject | |
---|---|---|---|
Next Message | James Smith | 2011-05-29 20:27:30 | Create GEOM Column |
Previous Message | Lacey L. Powers | 2011-05-27 23:39:05 | Re: Revoke Public Database Connect |