| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Daniel Rubio <drubior(at)tinet(dot)org> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Security Problem |
| Date: | 2003-10-14 13:50:56 |
| Message-ID: | 8759.1066139456@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Daniel Rubio <drubior(at)tinet(dot)org> writes:
> I'm mantaining a Postgres installation on an ISP, and I see a relativly
> important security issue.
> I can connect to postgres with a normal user login and take a look to
> the database structure of all the other databases on the installation.
That is correct; we do not consider it a security problem. If you don't
want a user to be able to look at the system catalogs of a database, you
need to disallow him from connecting to that database at all. (See
pg_hba.conf for this, not GRANT/REVOKE.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Spiegelberg | 2003-10-14 14:01:51 | Multiple databases |
| Previous Message | Jeff | 2003-10-14 13:47:56 | Re: Security Problem |