Opinion wanted: Default select rights for users via public schema

From Oli Sennhauser
Subject Opinion wanted: Default select rights for users via public schema
Date
Msg-id 3FE6D378.3020008@bluewin.ch
Responses Re: Opinion wanted: Default select rights for users via public schema  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-admin
Hi

Again a boring admin question:

I found that all users have access to pg_class etc. by default. In my
opinion this causes some security questions or at least can make users
curious about things they should not.

e.g. SELECT * FROM pg_tables WHERE tablename LIKE '%customer_accountings%';

Probably this user should NOT know that there are some
customer_accountings on this system???

How do you solve this problem?

Would it not be useful to have some views like all_tables, user_tables
etc. (like a big db company does) for preventing access to pg_tables (=
dba_tables)?

How is it recommended to revoke the rights to pg_xxx?

REVOKE ALL PRIVS FROM PUBLIC... (like pg_dump does)

And then create own access rules?

It seems to me that e.g. php_mod for apache does not work properly
after this because they do NOT find e.g. column names anymore (clear: he
does not have access to pg_tables, etc. anymore!)

Any hint is welcome

Oli

-------------------------------------------------------

Oli Sennhauser
Database-Engineer (Oracle & PostgreSQL)
Rebenweg 6
CH - 8610 Uster / Switzerland

Phone (+41) 1 940 24 82 or Mobile (+41) 79 450 49 14
e-Mail oli.sennhauser@bluewin.ch
Website http://mypage.bluewin.ch/shinguz/PostgreSQL/

Secure (signed/encrypted) e-Mail with a Free Personal SwissSign ID: http://www.swisssign.ch

Import the SwissSign Root Certificate: http://swisssign.net/cgi-bin/trust/import
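
A privilege-filtered listing of the kind the message asks about (all_tables / user_tables) can be built on has_table_privilege(). This is an added example, not part of the original message or of PostgreSQL itself; the names user_tables, app_user and the two sample tables are assumptions constructed for illustration.

```sql
-- Added example. user_tables, app_user, customer_accountings and price_list
-- are hypothetical names. Run as a superuser in a scratch database;
-- everything is rolled back at the end.
BEGIN;

CREATE ROLE app_user;                                -- constructed test role
CREATE TABLE public.customer_accountings (id int);   -- no grants to app_user
CREATE TABLE public.price_list (id int);
GRANT SELECT ON public.price_list TO app_user;

-- Filtered listing: only tables on which the calling role holds a privilege.
-- has_table_privilege() without a role argument checks current_user, which
-- inside a view is still the caller, not the view owner.
CREATE VIEW public.user_tables AS
SELECT n.nspname                   AS schemaname,
       c.relname                   AS tablename,
       pg_get_userbyid(c.relowner) AS tableowner
FROM   pg_catalog.pg_class c
JOIN   pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE  c.relkind = 'r'
AND    n.nspname NOT IN ('pg_catalog', 'information_schema')
AND    has_table_privilege(c.oid, 'SELECT, INSERT, UPDATE, DELETE');

GRANT SELECT ON public.user_tables TO PUBLIC;

-- Close only the unfiltered convenience view. pg_class and pg_attribute stay
-- readable here, so clients that look up column names keep working, but
-- table names remain visible through those catalogs.
REVOKE SELECT ON pg_catalog.pg_tables FROM PUBLIC;

-- Query the filtered view as the unprivileged role.
SET LOCAL ROLE app_user;
SELECT schemaname, tablename FROM public.user_tables;
RESET ROLE;

ROLLBACK;
```

PostgreSQL's own information_schema.tables view applies the same kind of privilege filter.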

