| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | juanmime(at)ono(dot)com |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: How to deny remote backups ? |
| Date: | 2005-03-04 17:45:35 |
| Message-ID: | 20050304174535.GA25380@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Fri, Mar 04, 2005 at 17:33:02 +0100,
juanmime(at)ono(dot)com wrote:
>
> OK. but I think that an aproximation to the solution or a half solution could
> be deny the user consulting the system database catalog or (pg_tables). In
> that case, the user is not able to know the name of the tables inside the
> db, and therefore he does not know which are the tables to dump. I think
> also, that pg_dump could fail at this scenario.
> 1. What do you think about this ?
I don't think it is a good idea. Since you are worried about this, I am going
to guess that the users are running a client (such as psql) to do their
inserts and deletes. If so, they are going to be able to find out the
table names. If this isn't the case and everything is being done by
an application running on the server, then you should be having that
application control access.
> 2. Is it possible (deny the access to the system catalog or tables (like
> pg_tables) to a certain user ?
You will break things if you prevent people from reading the system catalogs.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Scott Marlowe | 2005-03-04 17:50:34 | Re: PG shutdown itself? |
| Previous Message | Lee Wu | 2005-03-04 17:38:02 | PG shutdown itself? |