Re: Increasing security in a shared environment ...

On Mon, 29 Mar 2004, Marc G. Fournier wrote:

> On Mon, 29 Mar 2004, Dave Page wrote:
>
> > It's rumoured that Euler Taveira de Oliveira once said:
> > > Hi Christopher,
> > >
> > >> > "The \l command should only list databases that the current user is
> > >> > authorized for, the \du command should only list users authorized
> > >> > for the current database (and perhaps only superusers should get
> > >> > even that much information), etc. Perhaps it is possible to set PG
> > >> > to do this, but that should probably be the default."
> > >> >
> > > Seem reasonable. Why not prevent normal users to dig on the pg_catalog?
> > > What is the impact of it?
> >
> > Because they can't use tools like pgAdmin or phpPgAdmin unless they can at
> > least read all the catalogs.
>
> k, but what I'm suggesting shouldn't prevent that, should it? They should
> only be able to see those resources that they have permissions to see, not
> all of them ... no?

I think an auto-filtering system for \l and other backslash commands as
needed, makes a lot more sense than trying
to deny access to the catalogs. Obscuring them for security reasons is no
win, really. Obscuring them so user number 1,000,000 in his own database
doesn't have to look at user numbers 1 through 999,999 to see his database
go by.

While I'm not sure I'd build a 1,000,000 user database, somewhere between
the 80 we currently have at work and a few thousand you'd go nuts if you
saw a bunch of data that didn't belong to you every time you hit \l.