Opinion wanted: Default select rights for users via public schema

Hi

Again boring admin question:

I found that all users have access to pg_class etc. by default. In my
opinion this causes some security questions or at least can make users
curious about things they should not.

e.g. SELCT * FROM pg_tables where table_name like '%customer_accountings%';

Probably this user should NOT know, that there are some
customer_accountings on this system???

How do you solve this problem?

Would it not be usefull to have some views like all_tables, user_tables
etc. (like a big db company does) for preventing acces to pg_tables (=
dba_tables)?

How is it recommended to revoke the rights to pg_xxx?

REVOKE ALL PRIVS FROM PUBLIC... (like pgdump does)

And then create own access rules?

It seems to me, that e.g. php_mod for apache does not work properly
after this becaus they do NOT find e.g. column names anymore (clear: he
does not have access to pg_tables, etc. anymore!)

Any hint is welcome

Oli

-------------------------------------------------------

Oli Sennhauser
Database-Engineer (Oracle & PostgreSQL)
Rebenweg 6
CH - 8610 Uster / Switzerland

Phone (+41) 1 940 24 82 or Mobile (+41) 79 450 49 14
e-Mail oli(dot)sennhauser(at)bluewin(dot)ch
Website http://mypage.bluewin.ch/shinguz/PostgreSQL/

Secure (signed/encrypted) e-Mail with a Free Personal SwissSign ID: http://www.swisssign.ch

Import the SwissSign Root Certificate: http://swisssign.net/cgi-bin/trust/import