From: | "Lacey L(dot) Powers" <lacey(dot)leanne(at)gmail(dot)com> |
---|---|
To: | pgsql-novice(at)postgresql(dot)org |
Subject: | Re: Revoke Public Database Connect |
Date: | 2011-05-27 23:39:05 |
Message-ID: | 4DE03619.1060503@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
Hello Alan,
You can also be very careful with your pg_hba.conf settings, and only
allow certain users connections:
http://www.postgresql.org/docs/current/interactive/auth-pg-hba-conf.html
Also, you can create the database with CONNECTION LIMIT 0, and only
superusers will be allowed to connect to it.
http://www.postgresql.org/docs/current/static/sql-createdatabase.html
You could then load the data, and change the connection limit, after
you've appropriately loaded the data.
Hope that helps. =)
Regards,
Lacey
> That is a ridiculous "nanosecond window" - the database you created is empty - nothing to connect to. Just load data AFTER the revoke.
>
> --- On Fri, 5/27/11, Alan Gutierrez<alan(at)prettyrobots(dot)com> wrote:
>
>
> From: Alan Gutierrez<alan(at)prettyrobots(dot)com>
> Subject: [NOVICE] Revoke Public Database Connect
> To: pgsql-novice(at)postgresql(dot)org
> Date: Friday, May 27, 2011, 2:55 PM
>
>
> I'm configuring a multi-tenant PostgreSQL server. When I create a new database, anyone can connect to it. For me, that is bad.
>
> I run:
>
> REVOKE CONNECT ON DATABASE d FROM public;
>
> Now I'm only able to connect to the database as postgres.
>
> I tired putting the create and revoke in a transaction, but create database cannot be put in a transaction. How do I create a database so there is not that nanosecond window where someone could connect to the database publiclly?
>
> --
> Alan Gutierrez - http://twitter.com/bigeasy - http://github.com/bigeasy
>
> -- Sent via pgsql-novice mailing list (pgsql-novice(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-novice
>
From | Date | Subject | |
---|---|---|---|
Next Message | Steve Crawford | 2011-05-27 23:43:48 | Re: Revoke Public Database Connect |
Previous Message | Francisco Leovey | 2011-05-27 23:05:20 | Re: Revoke Public Database Connect |