| From: | Francisco Leovey <fleovey(at)yahoo(dot)com> |
|---|---|
| To: | Alan Gutierrez <alan(at)prettyrobots(dot)com> |
| Cc: | PGSQL NOVICE <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: Revoke Public Database Connect |
| Date: | 2011-05-27 23:05:20 |
| Message-ID: | 558247.13737.qm@web39304.mail.mud.yahoo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
That is a ridiculous "nanosecond window" - the database you created is empty - nothing to connect to. Just load data AFTER the revoke.
--- On Fri, 5/27/11, Alan Gutierrez <alan(at)prettyrobots(dot)com> wrote:
From: Alan Gutierrez <alan(at)prettyrobots(dot)com>
Subject: [NOVICE] Revoke Public Database Connect
To: pgsql-novice(at)postgresql(dot)org
Date: Friday, May 27, 2011, 2:55 PM
I'm configuring a multi-tenant PostgreSQL server. When I create a new database, anyone can connect to it. For me, that is bad.
I run:
REVOKE CONNECT ON DATABASE d FROM public;
Now I'm only able to connect to the database as postgres.
I tired putting the create and revoke in a transaction, but create database cannot be put in a transaction. How do I create a database so there is not that nanosecond window where someone could connect to the database publiclly?
--
Alan Gutierrez - http://twitter.com/bigeasy - http://github.com/bigeasy
-- Sent via pgsql-novice mailing list (pgsql-novice(at)postgresql(dot)org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-novice
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Lacey L. Powers | 2011-05-27 23:39:05 | Re: Revoke Public Database Connect |
| Previous Message | Alan Gutierrez | 2011-05-27 17:55:18 | Revoke Public Database Connect |