From: | Frank Eckes <frank(dot)eckes(at)online(dot)de> |
---|---|
To: | pgsql-admin(at)lists(dot)postgresql(dot)org |
Subject: | security issues |
Date: | 2021-12-10 14:33:36 |
Message-ID: | 5235c46a-508e-f084-c8bc-738a6e99fd44@online.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Hi everybody,
To access data in a PostgreSQL database I write queries which contains
the business rules
how t access data. This is working fine and also the permission are
working fine.
But I found out that a user can see the complete business rules in a
query or a procedure which is
a big security issue.
Is there e possibility that I can hide the definition and th user can
only see the data or can execute
the procedure/function.
And even worse, if i define a foreign server (e.g ORACLE) everybody can
see the credentials in a user mapping
which should not be allowed. This might be a show stopper of using
PostgreSQL in security environments.
Regards
Frank Eckes
From | Date | Subject | |
---|---|---|---|
Next Message | Laurenz Albe | 2021-12-10 16:20:19 | Re: security issues |
Previous Message | Laurenz Albe | 2021-12-10 12:55:26 | Re: Last login time |