Re: Security Problem

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Daniel Rubio <drubior(at)tinet(dot)org>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Security Problem
Date: 2003-10-14 13:50:56
Message-ID: 8759.1066139456@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Daniel Rubio <drubior(at)tinet(dot)org> writes:
> I'm mantaining a Postgres installation on an ISP, and I see a relativly
> important security issue.
> I can connect to postgres with a normal user login and take a look to
> the database structure of all the other databases on the installation.

That is correct; we do not consider it a security problem. If you don't
want a user to be able to look at the system catalogs of a database, you
need to disallow him from connecting to that database at all. (See
pg_hba.conf for this, not GRANT/REVOKE.)

regards, tom lane

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Greg Spiegelberg 2003-10-14 14:01:51 Multiple databases
Previous Message Jeff 2003-10-14 13:47:56 Re: Security Problem