From: | Heni Lolov <hal_bg(at)yahoo(dot)com> |
---|---|
To: | Rasmus Mohr <rmo(at)Netpointers(dot)com> |
Cc: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: create table permission |
Date: | 2002-06-19 09:06:53 |
Message-ID: | 20020619090653.34173.qmail@web21003.mail.yahoo.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
This ain't a bug!
This is lack of an inportant reature feature.
--- Rasmus Mohr <rmo(at)Netpointers(dot)com> wrote:
> Hmmm you may be right, i can't really tell. Did you submit this as a bug?
>
> --------------------------------------------------------------
> Rasmus T. Mohr Direct : +45 36 910 122
> Application Developer Mobile : +45 28 731 827
> Netpointers Intl. ApS Phone : +45 70 117 117
> Vestergade 18 B Fax : +45 70 115 115
> 1456 Copenhagen K Email : mailto:rmo(at)netpointers(dot)com
> Denmark Website : http://www.netpointers.com
>
> "Remember that there are no bugs, only undocumented features."
> --------------------------------------------------------------
>
> > -----Original Message-----
> > From: Heni Lolov [mailto:hal_bg(at)yahoo(dot)com]
> > Sent: Wednesday, June 19, 2002 10:40 AM
> > To: Rasmus Mohr
> > Subject: RE: [ADMIN] create table permission
> >
> >
> > What about
> > a cycle taht does:
> > create table table1(....);
> > create table table2(....);
> > ....................
> > create table tableN(....);
> >
> > and another:
> > insert into table1 values(.....);
> > insert into table2 values(.....);
> > ....................
> > insert into tablen values(.....);
> >
> > And so on till out fo disk spoace occurs.
> > This could be done by even the most restricted users taht can
> > access the
> > database.
> >
> > Isn't is a huge and obvious secyrity hole?
> >
> > Hal
> >
> > --- Rasmus Mohr <rmo(at)Netpointers(dot)com> wrote:
> > > What 'bout:
> > >
> > > REVOKE ALL ON "table_name" FROM PUBLIC;
> > > GRANT ALL ON "table_name" TO "postgres";
> > > GRANT SELECT ON "table_name" TO "select_user";
> > >
> > > ???
> > >
> > > --------------------------------------------------------------
> > > Rasmus T. Mohr Direct : +45 36 910 122
> > > Application Developer Mobile : +45 28 731 827
> > > Netpointers Intl. ApS Phone : +45 70 117 117
> > > Vestergade 18 B Fax : +45 70 115 115
> > > 1456 Copenhagen K Email : mailto:rmo(at)netpointers(dot)com
> > > Denmark Website : http://www.netpointers.com
> > >
> > > "Remember that there are no bugs, only undocumented features."
> > > --------------------------------------------------------------
> > >
> > > > -----Original Message-----
> > > > From: pgsql-admin-owner(at)postgresql(dot)org
> > > > [mailto:pgsql-admin-owner(at)postgresql(dot)org]On Behalf Of Heni Lolov
> > > > Sent: Wednesday, June 19, 2002 10:17 AM
> > > > To: pgsql-admin(at)postgresql(dot)org
> > > > Subject: Re: [ADMIN] create table permission
> > > >
> > > >
> > > > Hi,
> > > >
> > > > This is the nost stupid thing in PostgreSQL, but there is no
> > > > CREATE TABLE
> > > > privilege :(((((((
> > > > Everybody CAN create tables. Unfortunately it will not be
> > > > inplemented even in
> > > > Pg 7.3 according to TODO list. The developers do not consider
> > > > it as important
> > > > feature. In my opinion this is the most obvious security hole
> > > > in PostgreSQL.
> > > > Really Stupid but FACT!!!!!
> > > >
> > > > HEY PEOPLE WILL YOU EVER FIX IT?
> > > >
> > > > Hal
> > > >
> > > > --- bertdd(at)lumumba(dot)luc(dot)ac(dot)be wrote:
> > > > > How can I give SELECT privileges to a table of a database
> > > > without giving
> > > > > CREATE TABLE privileges to that database ?
> > > > >
> > > > > Bert De Decker
> > > > >
> > > > >
> > > > > ---------------------------(end of
> > > > broadcast)---------------------------
> > > > > TIP 6: Have you searched our list archives?
> > > > >
> > > > > http://archives.postgresql.org
> > > >
> > > >
> > > > __________________________________________________
> > > > Do You Yahoo!?
> > > > Yahoo! - Official partner of 2002 FIFA World Cup
> > > > http://fifaworldcup.yahoo.com
> > > >
> > > > ---------------------------(end of
> > > > broadcast)---------------------------
> > > > TIP 6: Have you searched our list archives?
> > > >
> > > > http://archives.postgresql.org
> > > >
> > > >
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! - Official partner of 2002 FIFA World Cup
> > http://fifaworldcup.yahoo.com
> >
> >
__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
From | Date | Subject | |
---|---|---|---|
Next Message | Jean-Christophe ARNU (JX) | 2002-06-19 09:09:00 | index keeps on growing |
Previous Message | Heni Lolov | 2002-06-19 08:40:23 | Re: create table permission |