Re: Shared hosting with FDW on AWS RDS

On 2019-02-14 10:21 p.m., Bruce Momjian wrote:
> On Sun, Feb 10, 2019 at 03:19:48PM -0800, Paul Jungwirth wrote:
>> On 2/10/19 2:57 PM, auxsvr wrote:
>>> We'd like to configure an RDS server for shared hosting. The idea is that every customer will be using a different database and FDW will be configured, so that the remote tables have access to the full data
>> I've set up something like this before (but on EC2), and the only problem I
>> couldn't solve was that any user can see your full customer list by typing
>> `\l` or `\du`. They can't see other customers' stuff, but they can see how
>> many customers you have and their database/login names. The only way around
>> it I know is that run separate "clusters" aka RDS instances.
>>
>> You can try to lock this down somewhat by revoking access to various system
>> tables, but it starts breaking a lot of tools (e.g. some GUI tools don't
>> know what to do if they get an error just listing the databases). Also it is
>> so piecemeal I wouldn't trust that I'd blocked off all avenues of getting
>> the information.
>>
>> I'd love to be corrected on this btw if anyone has better information! :-)
> Heroku had that issue and used hash values for the user and database
> names.

Yes, we have the same problem here...

We want to consolidate users and databases and we can do it easily with
PostgreSQL, while that's not easily the case with some other RDBMS.

Even if we can mask real clients name by using hashes, it is still sort
of an information leakage that our security team is concerned about, and
that is a burden to manage from our clients.

It would be nice to have PG to not list things you don't have rights to.
I think that MySQL "show databases" list only stuff you have access to.
Would modifying pg_catalog views make it possible?

Thanks

Bruno