| From: | Frank Eckes <frank(dot)eckes(at)online(dot)de> |
|---|---|
| To: | pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | security issues |
| Date: | 2021-12-10 14:33:36 |
| Message-ID: | 5235c46a-508e-f084-c8bc-738a6e99fd44@online.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Hi everybody,
To access data in a PostgreSQL database I write queries which contains
the business rules
how t access data. This is working fine and also the permission are
working fine.
But I found out that a user can see the complete business rules in a
query or a procedure which is
a big security issue.
Is there e possibility that I can hide the definition and th user can
only see the data or can execute
the procedure/function.
And even worse, if i define a foreign server (e.g ORACLE) everybody can
see the credentials in a user mapping
which should not be allowed. This might be a show stopper of using
PostgreSQL in security environments.
Regards
Frank Eckes
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laurenz Albe | 2021-12-10 16:20:19 | Re: security issues |
| Previous Message | Laurenz Albe | 2021-12-10 12:55:26 | Re: Last login time |