| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Frank Eckes <frank(dot)eckes(at)online(dot)de> |
| Cc: | "pgsql-admin(at)lists(dot)postgresql(dot)org" <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: security issues |
| Date: | 2021-12-10 16:21:47 |
| Message-ID: | CAKFQuwaHx7YzHxYoH9VX=fpTc73xCX09C5m1EVp7GRffT65jKw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Friday, December 10, 2021, Frank Eckes <frank(dot)eckes(at)online(dot)de> wrote:
>
> Is there e possibility that I can hide the definition and th user can only
> see the data or can execute
>
> the procedure/function.
No. This comes up every so often so the archives are a good place to find
a more lengthy discussion.
> And even worse, if i define a foreign server (e.g ORACLE) everybody can
> see the credentials in a user mapping
>
> which should not be allowed. This might be a show stopper of using
> PostgreSQL in security environments.
>
>
This one is a bit more nuanced and I’m not as familiar with the specifics.
For a PostgreSQL server I would setting up pg_hba.conf to allow a
non-password connection from the specific machine and user so that password
credentials are simply not required.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2021-12-10 16:41:27 | Re: security issues |
| Previous Message | Laurenz Albe | 2021-12-10 16:20:19 | Re: security issues |