From: | Rob Sargent <robjsargent(at)gmail(dot)com> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: connect permission based on database name |
Date: | 2022-05-25 14:45:26 |
Message-ID: | 780bcde5-f068-abfe-89d7-cf7631bb36ba@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 5/25/22 08:44, David G. Johnston wrote:
> On Wednesday, May 25, 2022, Rob Sargent <robjsargent(at)gmail(dot)com> wrote:
>
> On 5/25/22 08:20, Tom Lane wrote:
>> Rob Sargent<robjsargent(at)gmail(dot)com> <mailto:robjsargent(at)gmail(dot)com> writes:
>>> Just wondering if I've bumped into some security issue.
>>> I'm somewhat surprised that "grant connect to database <dbname> to
>>> <role>" appears to be stored "by name"?
>> I think you are forgetting that databases have a default GRANT CONNECT
>> TO PUBLIC. You need to revoke that before other grants/revokes will
>> have any functional effect.
>>
>> regards, tom lane
> And then the search path is "just a string"?
>
>
>
> Search_path isn’t a security component and accepts, but ignores,
> unknown names. So yes, it is just a string.
>
> David J.
>
Roger that, thanks.
From | Date | Subject | |
---|---|---|---|
Next Message | Carsten Klein | 2022-05-25 14:48:55 | Re: Connect to specific cluster on command line |
Previous Message | David G. Johnston | 2022-05-25 14:44:18 | Re: connect permission based on database name |