Re: security issue - database user

From: Tim Ellis <Tim(dot)Ellis(at)gamet(dot)com>
To: "John Madden" <jmadden(at)ivytech(dot)edu>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: security issue - database user
Date: 2002-08-05 17:16:42
Message-ID: 20020805101642.106897a9.Tim.Ellis@gamet.com
Lists: pgsql-admin

On Mon, 5 Aug 2002 11:01:34 -0500 (EST)
"John Madden" <jmadden(at)ivytech(dot)edu> wrote:

> (My apologies if this has been posted before - as you'll see, this isn't
> the easiest thing to find in the archives.)
> [SNIP]
> I can't modify/etc. any existing tables, as one would expect, but:
>
> somedb=> CREATE TABLE mytable(test text);
> CREATE
>
> Why is this allowed? Any way to prevent it? We've got a lot of users
> working on a development server that obviously has hba to quite a few
> databases...

I've seen it asked a few times on this list. Answer: a future version of
Postgres will allow permissions to create tables to be defined. Current
versions of Postgres do not, so you can't curtail this behaviour.

If it were me, and it was REALLY IMPORTANT to disallow unauthorised
tables, I'd create a new table with a list of legit tables and have a
cronjob run every, say, 5 minutes that DROPS tables that don't belong in the
database.

--
Tim Ellis
Senior Database Architect
Gamet, Inc.
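
The allowlist-plus-cron workaround described in this message, sketched as an added example that is not part of the original post. It assumes a later PostgreSQL release that has schemas, DO blocks and format(); the names legit_tables, unlisted_tables, customers and orders are hypothetical.

```sql
-- One-time setup, run as the database owner. All object names are hypothetical.
CREATE TABLE public.legit_tables (
    schema_name name NOT NULL,
    table_name  name NOT NULL,
    PRIMARY KEY (schema_name, table_name)
);
-- Ordinary users get no privileges on the allowlist by default; keep it that
-- way, or they can add their own tables to it.

-- Constructed sample entries. The allowlist has to list itself.
INSERT INTO public.legit_tables VALUES
    ('public', 'legit_tables'),
    ('public', 'customers'),
    ('public', 'orders');

-- Tables that exist but are not on the allowlist (system and temp schemas skipped).
CREATE VIEW public.unlisted_tables AS
SELECT t.schemaname, t.tablename, t.tableowner
FROM pg_catalog.pg_tables AS t
WHERE t.schemaname <> 'information_schema'
  AND t.schemaname NOT LIKE 'pg\_%'
  AND NOT EXISTS (
        SELECT 1 FROM public.legit_tables AS l
        WHERE l.schema_name = t.schemaname
          AND l.table_name  = t.tablename);

-- Dry run: review this output before scheduling the drop below.
SELECT * FROM public.unlisted_tables;

-- Body of the scheduled job (for example psql -f from cron, every 5 minutes).
DO $$
DECLARE
    r record;
BEGIN
    FOR r IN SELECT * FROM public.unlisted_tables LOOP
        RAISE NOTICE 'dropping unlisted table %.% (owner %)',
                     r.schemaname, r.tablename, r.tableowner;
        -- %I quotes each identifier: the names were chosen by untrusted users
        -- and this runs with owner rights, so never concatenate them raw.
        -- No CASCADE: a table with dependents aborts the run instead.
        EXECUTE format('DROP TABLE %I.%I', r.schemaname, r.tablename);
    END LOOP;
END
$$;

-- Where schema privileges exist, remove the cause instead of cleaning up after it.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

The DO block runs in one transaction, so a single failed DROP rolls back the whole pass and leaves the NOTICE lines as the record of what was attempted.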
