| From: | Daniel Rubio <drubior(at)tinet(dot)org> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Security Problem |
| Date: | 2003-10-14 09:32:03 |
| Message-ID: | 3F8BC293.7080606@tinet.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Hi to all
I'm mantaining a Postgres installation on an ISP, and I see a relativly
important security issue.
I can connect to postgres with a normal user login and take a look to
the database structure of all the other databases on the installation.
This is very visual with PGadmin. I connect as a simple user, and I
can't create or select data from other's database, but i can see which
databases exists on the system and look at the tables and columns of
each of them (and i don't want it).
I've tried to solve it with:
REVOKE ALL PRIVILEGES ON DATABASE x FROM PUBLIC;
REVOKE ALL PRIVILEGES ON SCHEMA public FROM PUBLIC;
REVOKE ALL PRIVILEGES ON SCHEMA public FROM GROUP users;
...
And I still can to look at the others database structure (connecting as
a non privileged user) ...
How I could solve this?
Thanks
--
********************************************************
Daniel Rubio Rodríguez
********************************************************
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff | 2003-10-14 13:47:56 | Re: Security Problem |
| Previous Message | Szabó Péter | 2003-10-13 10:33:22 | Lock! |