From: | Haroldo Stenger <haroldo(dot)stenger(at)gmail(dot)com> |
---|---|
To: | |
Cc: | pgsql-admin(at)lists(dot)postgresql(dot)org |
Subject: | Re: security issues |
Date: | 2021-12-10 16:52:53 |
Message-ID: | CAEse+z-bHUeRji-j7Ngs8_-rTsuGFFC3weUSr0DUh9pdqT=EkQ@mail.gmail.com |
Lists: | pgsql-admin |
Set up two PostgreSQL databases.
In one of them you have the tables and the secret views, and restrict
access to the secret views to a 'postgres_restricted' user.
In the other database define:
create extension postgres_fdw;
create server compras_y_costos foreign data wrapper postgres_fdw
  options (host 'localhost', port '5432', dbname 'database_which_holds_the tables_and_the_secret_view');
create user mapping for postgres server .....
  options (user 'postgres_restricted', password 'postgres_restricted_password');
create foreign table remote_reference__to_secret_view ()...
Then grant public access to the views via the wrapper.
This should work fine.
On Fri, Dec 10, 2021 at 11:33, Frank Eckes (frank(dot)eckes(at)online(dot)de)
wrote:
> Hi everybody,
>
> To access data in a PostgreSQL database I write queries which contain
> the business rules how to access data. This is working fine and also
> the permissions are working fine.
>
> But I found out that a user can see the complete business rules in a
> query or a procedure, which is a big security issue.
>
> Is there a possibility that I can hide the definition and the user can
> only see the data or can execute the procedure/function?
>
> And even worse, if I define a foreign server (e.g. ORACLE) everybody can
> see the credentials in a user mapping, which should not be allowed. This
> might be a show stopper of using PostgreSQL in security environments.
>
> Regards
>
> Frank Eckes
>
>
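The two-database setup described in the reply, written out end to end as an added example (not code from the thread). The database name backend_db, the table, columns, view names and password are hypothetical placeholders. The sketch also adds a local view owned by postgres, because postgres_fdw looks up the user mapping of the role whose privileges are checked, which for a view is the view owner.

```sql
-- Added example; every name, column and password here is a hypothetical placeholder.

-- === Back-end database (assumed name: backend_db), run as superuser ===
CREATE ROLE postgres_restricted LOGIN PASSWORD 'change-me';
CREATE TABLE costs (item text, unit_cost numeric, margin numeric);
-- The "secret" view: its body is the business rule that must stay hidden.
CREATE VIEW secret_view AS
    SELECT item, unit_cost * (1 + margin) AS price FROM costs;
-- The restricted role may read the view only, never the base table.
GRANT SELECT ON secret_view TO postgres_restricted;
-- End users must not be able to connect here and read the catalogs.
REVOKE CONNECT ON DATABASE backend_db FROM PUBLIC;
GRANT CONNECT ON DATABASE backend_db TO postgres_restricted;

-- === Front-end database (the one end users connect to), run as postgres ===
CREATE EXTENSION postgres_fdw;
CREATE SERVER compras_y_costos FOREIGN DATA WRAPPER postgres_fdw
    OPTIONS (host 'localhost', port '5432', dbname 'backend_db');
CREATE USER MAPPING FOR postgres SERVER compras_y_costos
    OPTIONS (user 'postgres_restricted', password 'change-me');
CREATE FOREIGN TABLE remote_secret_view (item text, price numeric)
    SERVER compras_y_costos
    OPTIONS (schema_name 'public', table_name 'secret_view');
-- Local pass-through view owned by postgres: queries through it use the
-- owner's user mapping, so end users need no mapping or password of their own.
CREATE VIEW prices AS SELECT item, price FROM remote_secret_view;
GRANT SELECT ON prices TO PUBLIC;

-- === Checks, run as an ordinary (non-superuser) role in the front-end ===
-- The data is readable:
SELECT * FROM prices;
-- The visible definition is only the pass-through SELECT, not the rule:
SELECT pg_get_viewdef('prices'::regclass);
-- umoptions (where the password lives) is NULL unless the caller is a
-- superuser or the mapped user with rights on the server:
SELECT srvname, usename, umoptions FROM pg_user_mappings;
```

Ordinary roles can still see the server's host, port and dbname options in the front-end catalogs; only the user mapping options are withheld.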