| From: | "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org> |
|---|---|
| To: | Dave Page <dpage(at)vale-housing(dot)co(dot)uk> |
| Cc: | euler(at)ufgnet(dot)ufg(dot)br, chriskl(at)familyhealth(dot)com(dot)au, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Increasing security in a shared environment ... |
| Date: | 2004-03-29 18:21:47 |
| Message-ID: | 20040329142116.B51637@ganymede.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, 29 Mar 2004, Dave Page wrote:
> It's rumoured that Euler Taveira de Oliveira once said:
> > Hi Christopher,
> >
> >> > "The \l command should only list databases that the current user is
> >> > authorized for, the \du command should only list users authorized
> >> > for the current database (and perhaps only superusers should get
> >> > even that much information), etc. Perhaps it is possible to set PG
> >> > to do this, but that should probably be the default."
> >> >
> > Seem reasonable. Why not prevent normal users to dig on the pg_catalog?
> > What is the impact of it?
>
> Because they can't use tools like pgAdmin or phpPgAdmin unless they can at
> least read all the catalogs.
k, but what I'm suggesting shouldn't prevent that, should it? They should
only be able to see those resources that they have permissions to see, not
all of them ... no?
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: scrappy(at)hub(dot)org Yahoo!: yscrappy ICQ: 7615664
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2004-03-29 18:23:32 | Re: [HACKERS] Dates BC. |
| Previous Message | Tom Lane | 2004-03-29 18:16:25 | Re: Increasing security in a shared environment ... |