Skip site navigation (1) Skip section navigation (2)

Revoking usage of pg_catalog

From: "Daniel Cristian Cruz" <danielcristian(at)gmail(dot)com>
To: pgsql-admin <pgsql-admin(at)postgresql(dot)org>
Subject: Revoking usage of pg_catalog
Date: 2007-05-09 13:05:21
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-admin
Hi there!

Is it possible to revoke usage of pg_catalog for a specific user?

The reason is to secure PostgreSQL. If a user can connect to a database, it
could query pg_class, pg_attribute, pg_proc search for specific tables and
if using dblink, even database passwords...

I just made a test, revoking usage of pg_catalog from PUBLIC, but tables are
still available through "SELECT * FROM pg_class", but not through "SELECT *
FROM pg_catalog.pg_class". I found in manual, where it says pg_catalog is
searched before any schema on search_path...

If schema pg_catalog became blocked, PostgreSQL could be used? Could it be
possible to made queries on allowed schemas and tables? This could be an
item for the wishlist?

Kind regards,
Daniel Cristian Cruz


pgsql-admin by date

Next:From: gap.mailinglistsDate: 2007-05-09 14:00:14
Subject: Copying schemas between databases
Previous:From: Thomas MarkusDate: 2007-05-09 11:50:07
Subject: Re: infinite blocking statements in 8.2.3

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group