| From: | Zouari Fourat <fourat(at)gmail(dot)com> |
|---|---|
| To: | John DeSoi <desoi(at)pgedit(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: problems with user rights |
| Date: | 2005-03-30 15:17:54 |
| Message-ID: | 621eda8a0503300717ca9a63a@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
is it really secure in a shared hosting environnement case ?
do you advise me to offer pgsql in a shared hosting ?
On Wed, 30 Mar 2005 08:04:00 -0500, John DeSoi <desoi(at)pgedit(dot)com> wrote:
> > i've just added a new user called xxx :
> >
> > create user xxx with password zzz;
> >
> > now am creating it's database :
> >
> > create database db_xxx with owner xxx;
> >
> > it works fine althought when logging with the user xxx i can still
> > view other databases contents especially pg_catalog schems.
> >
> > is it the right way to add a user ? am i wrong ?
> > i dont want to let my new user view the others databases on the server.
>
> Viewing the information in the system catalogs is open to all users.
> There is not a way to hide it unless you build an interface on top of
> PostgreSQL that limits the queries the user can execute.
>
> John DeSoi, Ph.D.
> http://pgedit.com/
> Power Tools for PostgreSQL
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chris Browne | 2005-03-30 15:36:33 | Re: Many persistant client connections |
| Previous Message | Marco Carvalho | 2005-03-30 14:51:37 | multiple servers updating from/to one |