Hello List,
I was wondering if there is something like
a best practice document for running
PostgreSQL (probably 8.3.3) securely in a shared
Web+DB hosting environment, where different
people without any administrative relationship
between them may run their databases on
the same server.
I am particularly interested in the
role, permission and schema layout.
Also I'm worried about the amount of information
available to ordinary DB users. For instance,
without revoking access to pg_catalog from
PUBLIC all users can see the usernames,
database names etc. of all other users. But
revoking the right from pg_catalog doesn't
seem to be an option, as this breaks
several features of the psql utility and probably
other things.
Thanks & Best Regards,
Thomas