Re: Fwd: Identify system databases
| От | David G. Johnston |
|---|---|
| Тема | Re: Fwd: Identify system databases |
| Дата | |
| Msg-id | CAKFQuwZA7YRtHTdkLCVrVCQr2bns_p2C2rC558DyGYC49OQy+g@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Fwd: Identify system databases (Dominique Devienne <ddevienne@gmail.com>) |
| Ответы |
Re: Fwd: Identify system databases
|
| Список | pgsql-general |
On Wed, Apr 16, 2025 at 8:07 AM Dominique Devienne <ddevienne@gmail.com> wrote:
On Wed, Apr 16, 2025 at 4:39 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Laurenz Albe <laurenz.albe@cybertec.at> writes:
> > On Wed, 2025-04-16 at 10:09 +0200, Dominique Devienne wrote:
So in a way, you guys are saying one should never REVOKE CONNECT ON
DATABASE FROM PUBLIC?
All my DBs are not PUBLIC-accessible.
And inside my DBs, I try to revoke everything from PUBLIC
(USAGE ON TYPES, EXECUTE ON ROUTINES).
Nor do I use the public schema.
And I never use the "built-in" postgres database.
Basically I want all GRANTs to be explicit.
Given the above, I'd want to not provide access to the postgres DB too.
Yet have a way to discover which DBs I can connect to, from the "cluster only".
Kinda surprised you don't consider this a feature...give all of your databases UUID names and ensure that non-superusers must be told the databases they are allowed to connect to.
But feel free to work out a design and add it to the ToDo list for the v4 protocol. The use case seems reasonable and doable (on the basis of the replication protocol works).
David J.
В списке pgsql-general по дате отправления: