Обсуждение: database security

How do I ensure that a user cannot open someone else's database and
create tables there?  Right now all users have to use passwords and
they cannot see each others tables when they log into someone else's
database but they can create tables which the owner of the database
cannot remove.  This is annoying to me.  I don't want to have to warn
people that they will lose their priviliges.  I would like postgres to
not allow this.  Any advice?

gabor.
--
    pos += screamnext[pos]  /* does this goof up anywhere? */
        -- Larry Wall in util.c from the perl source code

>
> How do I ensure that a user cannot open someone else's database and
> create tables there?  Right now all users have to use passwords and
> they cannot see each others tables when they log into someone else's
> database but they can create tables which the owner of the database
> cannot remove.  This is annoying to me.  I don't want to have to warn
> people that they will lose their priviliges.  I would like postgres to
> not allow this.  Any advice?

See the pg_hba.conf file.  Looks especially for the 'sameuser' option.
It prevents you from having to list each user and database combination.

Let us know if that does not solve your problem.

--
Bruce Momjian                          |  830 Blythe Avenue
maillist@candle.pha.pa.us              |  Drexel Hill, Pennsylvania 19026
  +  If your life is a hard drive,     |  (610) 353-9879(w)
  +  Christ can be your backup.        |  (610) 853-3000(h)