Skip site navigation (1) Skip section navigation (2)

Re: Increasing security in a shared environment ...

From: "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com>
To: "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>
Cc: Dave Page <dpage(at)vale-housing(dot)co(dot)uk>, <euler(at)ufgnet(dot)ufg(dot)br>,<chriskl(at)familyhealth(dot)com(dot)au>, <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Increasing security in a shared environment ...
Date: 2004-03-29 19:57:28
Message-ID: Pine.LNX.4.33.0403291255130.22030-100000@css120.ihs.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Mon, 29 Mar 2004, Marc G. Fournier wrote:

> On Mon, 29 Mar 2004, Dave Page wrote:
> 
> > It's rumoured that Euler Taveira de Oliveira once said:
> > > Hi Christopher,
> > >
> > >> > "The \l command should only list databases that the current user is
> > >> > authorized for, the \du command should only list users authorized
> > >> > for the current database (and perhaps only superusers should get
> > >> > even that much information), etc.  Perhaps it is possible to set PG
> > >> > to do this, but that should probably be the default."
> > >> >
> > > Seem reasonable. Why not prevent normal users to dig on the pg_catalog?
> > > What is the impact of it?
> >
> > Because they can't use tools like pgAdmin or phpPgAdmin unless they can at
> > least read all the catalogs.
> 
> k, but what I'm suggesting shouldn't prevent that, should it?  They should
> only be able to see those resources that they have permissions to see, not
> all of them ... no?

I think an auto-filtering system for \l and other backslash commands as 
needed, makes a lot more sense than trying 
to deny access to the catalogs.  Obscuring them for security reasons is no 
win, really.  Obscuring them so user number 1,000,000 in his own database 
doesn't have to look at user numbers 1 through 999,999 to see his database 
go by.

While I'm not sure I'd build a 1,000,000 user database, somewhere between 
the 80 we currently have at work and a few thousand you'd go nuts if you 
saw a bunch of data that didn't belong to you every time you hit \l.


In response to

pgsql-hackers by date

Next:From: Tom LaneDate: 2004-03-29 20:23:34
Subject: Re: int2[] vs int2vector in pg_catalog?
Previous:From: Andrew DunstanDate: 2004-03-29 19:25:24
Subject: Re: Increasing security in a shared environment ...

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group