> "The \l command should only list databases that the current user is
> authorized for, the \du command should only list users authorized for the
> current database (and perhaps only superusers should get even that much
> information), etc. Perhaps it is possible to set PG to do this, but that
> should probably be the default."
>
> This is from a PgSQL vs MySQL thread on -general ... how hard would it be
> make it so that a non-superuse user can't do a \l and see everyone's
> databases? Or, when doing a \d in a database you are able to connect to,
> it would only show those tables that you are authorized for?
Well, you can just go SELECT * FROM pg_database; so fixing \l won't do
anything.
I too would like to see more security in this respect, but it will be
difficult if not impossible to implement methinks...
Chris