Re: Revoking usage of pg_catalog

2007/5/9, Scott Marlowe <smarlowe@g2switchworks.com>:
> On Wed, 2007-05-09 at 08:05, Daniel Cristian Cruz wrote:
> > Hi there!
> >
> > Is it possible to revoke usage of pg_catalog for a specific user?
> >
> > The reason is to secure PostgreSQL. If a user can connect to a
> > database, it could query pg_class, pg_attribute, pg_proc search for
> > specific tables and if using dblink, even database passwords...
>
> That's not security, it's obscurity.

Yes, I used the wrong expression.

> You can grant / revoke access to anything a user should or should not be
> able to access anyway.

It's a web application user. I was trying to make some database magic,
hardening SQL injections... But its wrong, the application must be
secure. Unfortunelly I can't have a database user for each web user...

Thanks...
--
Daniel Cristian Cruz