Re: Catalog Security WAS: Views, views, views: Summary

From: Alvaro Herrera <alvherre(at)surnet(dot)cl>
To: Russell Smith <mr-russ(at)pws(dot)com(dot)au>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, andrew(at)supernews(dot)com, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Catalog Security WAS: Views, views, views: Summary
Date: 2005-05-14 02:39:38
Message-ID: 20050514023938.GA25930@surnet.cl
Lists: pgsql-hackers

On Sat, May 14, 2005 at 12:25:01PM +1000, Russell Smith wrote:

> - Which parts of other databases can be seen by users?

The name, username of the owner, etc. No table names, for example.
The user list is also visible to everyone, across databases.

> - What is the best method to restrict connections to db's people don't have
> permissions to.

pg_hba.conf. Apparently some people run separate postmasters for each,
and there are reasons to do that (shared xlogs can be a hassle, for
example; if something goes ill in another database, you may be screwed
too. Or shared oldest Xid.)

> Tom mentioned that he had not had these security concerns raised before. From
> my point of view I just have no idea about the level of information offered
> to any given user and am scared to run PostgreSQL in an ISP shared
> environment because of it.

Actually I've seen complaints before. Within a DB you can see the names
and columns of all tables, views, etc. Some people want to hide that,
and I see the point. In a shared environment you can probably get away
with giving separate databases to each, and you have perfect isolation,
so no worries there. But if you want to partially share data in a
useful manner (say use foreign keys from one "DB" to another) you have
to use schemas, and by doing so you are automatically granting
visibility to lots of info about your database. (Not the data itself
though.)

--
Alvaro Herrera (<alvherre[a]surnet.cl>)
"Today is the first day of the rest of my life"
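
An added example, not part of the original message or of PostgreSQL's own code: one way to audit a shared server's pg_hba.conf for the per-database connection restriction the reply points to. The sample file, the role and database names, and the `ADMIN_ROLES` set are constructed assumptions; the parser assumes unquoted fields and no `@file` includes.

```python
# Audit pg_hba.conf rules for entries that defeat per-database isolation.
# SAMPLE_HBA is constructed for illustration; cust_a / cust_b are hypothetical.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS        METHOD
local   all       postgres                 peer
host    all       all       0.0.0.0/0      md5
host    sameuser  all       10.0.0.0/8     md5
host    cust_a    cust_a    10.1.2.0/24    md5
host    all       cust_b    10.1.3.0/24    trust
"""

ADMIN_ROLES = {"postgres"}  # assumption: roles allowed to reach every database


def parse_hba(text):
    """Yield (lineno, conn_type, databases, users, method) per rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        conn_type = fields[0]
        dbs, users = fields[1].split(","), fields[2].split(",")
        rest = fields[3:]
        if conn_type != "local":
            rest = rest[1:]  # skip the address (CIDR, hostname or bare IP)
            # a bare IP is followed by a separate netmask field; skip it too
            if rest and (rest[0][0].isdigit() or ":" in rest[0]):
                rest = rest[1:]
        yield lineno, conn_type, dbs, users, rest[0]


def audit(text):
    """Return (lineno, issue) for rules that weaken database separation."""
    findings = []
    for lineno, _type, dbs, users, method in parse_hba(text):
        # 'all' databases for a non-admin role: tenants can try every database
        if "all" in dbs and not set(users) <= ADMIN_ROLES:
            findings.append((lineno, "cross-database"))
        # 'trust' lets a matching client connect without authenticating
        if method == "trust":
            findings.append((lineno, "no-auth"))
    return findings


if __name__ == "__main__":
    for lineno, issue in audit(SAMPLE_HBA):
        print(f"line {lineno}: {issue}")
```

The `sameuser` rule on line 4 of the sample passes the audit because it only admits a role to the database that shares its name.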
