| From: | Tim Ellis <Tim(dot)Ellis(at)gamet(dot)com> |
|---|---|
| To: | "John Madden" <jmadden(at)ivytech(dot)edu> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: security issue - database user |
| Date: | 2002-08-05 17:16:42 |
| Message-ID: | 20020805101642.106897a9.Tim.Ellis@gamet.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Mon, 5 Aug 2002 11:01:34 -0500 (EST)
"John Madden" <jmadden(at)ivytech(dot)edu> wrote:
> (My apologies if this has been posted before - as you'll see, this isn't
> the easiest thing to find in the archives.)
> [SNIP]
> I can't modify/etc. any existing tables, as one would expect, but:
>
> somedb=> CREATE TABLE mytable(test text);
> CREATE
>
> Why is this allowed? Any way to prevent it? We've got a lot of users
> working on a development server that obviously has hba to quite a few
> databases...
I've seen it asked a few times on this list. Answer: future version of
Postgres will allow permissions to create tables to be defined. Current
versions of Postgres do not, so you can't curtail this behaviour.
If it were me, and it was REALLY IMPORTANT to disallow unauthorised
tables, I'd create a new table with a list of legit tables and have a
cronjob run every say 5 minutes that DROPS tables that don't belong in the
database.
--
Tim Ellis
Senior Database Architect
Gamet, Inc.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tim Ellis | 2002-08-05 17:24:43 | Re: pgsql for Solaris 8 (SPARC) |
| Previous Message | Adonis Damian | 2002-08-05 16:18:56 | pgsql for Solaris 8 (SPARC) |