>
> On Sun, 11 Jan 1998, Bruce Momjian wrote:
>
> > > Wait, let me just get this straight here...pg_user is, by default,
> > > unreadable by the general public, but is changeable just using a simple
> > > grant/revoke??
> > >
> > > If so, I'm confused as to why this is a bad thing? Bruce? Sort
> > > of seems to me that its like the TCP/Unix Socket argument...go to the most
> > > secure first, then let the one setting it up downgrade as they feel is
> > > appropriate...no?
> >
> > OK, general question. Does pg_user need to be readable? Do
> > non-postgres users want to see who owns each table? I don't know.
>
> Erk...hrmmm...my understanding is that if pg_user is non-readable, then
> doing a \d to list tables won't tell me who owns any of the tables...which
> could be a problem if multiple users have access to the same database, but
> have "personal tables"?
>
> Actually, right now I think that this is one of the potential problems
> I brought up previous...
>
> If I create a database, *anyone* that is a user (createuser <>) has access
> to that database...granted that I can use the 'revoke' command to restrict
> table access, there should be some means of restricting a database (and its
> tables) to the owner of that database...
>
> On top of that, a table/database should be restricted by default...for
> example, this should not happen:
Yes, I agree we should be able to restrict who gets into which
databases. It is on the TODO list.
* More access control over who can create tables and access the database
The reason it doesn't get complained about more is that many commercial
databases have similar lack of funciontality.
--
Bruce Momjian
maillist@candle.pha.pa.us