| From: | "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Increasing security in a shared environment ... |
| Date: | 2004-03-29 17:20:59 |
| Message-ID: | 20040329131819.B51637@ganymede.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, 29 Mar 2004, Andrew Dunstan wrote:
> My previous answer to this question has been "use a middleware layer
> that exposes just the operations you want exposed". But this issue has
> come up a few times so maybe some more thought is needed. Of course, we
> are only talking about metadata here, not user table contents, but maybe
> some people have a justifiable need to hide even the metadata.
You could almost look at it from a security perspective ... if any user
can see all databases, then its simple enough to try and connect to them
all and see which ones are open ... its not hard to 'mis-configure'
pg_hba.conf without realizing it, leaving things open when you meant for
them to be closed ... it would be an added layer of protection ...
Does anyone know how ppl like Oracle handle this? Are system catalogs
like this open to all users?
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy(at)hub(dot)org Yahoo!: yscrappy ICQ: 7615664
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2004-03-29 18:11:13 | Re: Increasing security in a shared environment ... |
| Previous Message | Andrew Dunstan | 2004-03-29 17:09:01 | Re: Increasing security in a shared environment ... |