| From: | "Daniel Cristian Cruz" <danielcristian(at)gmail(dot)com> |
|---|---|
| To: | |
| Cc: | pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Revoking usage of pg_catalog |
| Date: | 2007-05-09 18:09:41 |
| Message-ID: | 48d0cacb0705091109n6e944fd9vc1bc8a12e6596bc9@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
2007/5/9, Scott Marlowe <smarlowe(at)g2switchworks(dot)com>:
> On Wed, 2007-05-09 at 08:05, Daniel Cristian Cruz wrote:
> > Hi there!
> >
> > Is it possible to revoke usage of pg_catalog for a specific user?
> >
> > The reason is to secure PostgreSQL. If a user can connect to a
> > database, it could query pg_class, pg_attribute, pg_proc search for
> > specific tables and if using dblink, even database passwords...
>
> That's not security, it's obscurity.
Yes, I used the wrong expression.
> You can grant / revoke access to anything a user should or should not be
> able to access anyway.
It's a web application user. I was trying to make some database magic,
hardening SQL injections... But its wrong, the application must be
secure. Unfortunelly I can't have a database user for each web user...
Thanks...
--
Daniel Cristian Cruz
| From | Date | Subject | |
|---|---|---|---|
| Next Message | ebmb | 2007-05-09 19:43:55 | User rights |
| Previous Message | Scott Marlowe | 2007-05-09 17:52:59 | Re: Revoking usage of pg_catalog |