| From: | Paul Jungwirth <pj(at)illuminatedcomputing(dot)com> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Shared hosting with FDW on AWS RDS |
| Date: | 2019-02-10 23:19:48 |
| Message-ID: | c0a9b501-e922-c708-5e5f-8b3aa6245bad@illuminatedcomputing.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 2/10/19 2:57 PM, auxsvr wrote:
> We'd like to configure an RDS server for shared hosting. The idea is that every customer will be using a different database and FDW will be configured, so that the remote tables have access to the full data
I've set up something like this before (but on EC2), and the only
problem I couldn't solve was that any user can see your full customer
list by typing `\l` or `\du`. They can't see other customers' stuff, but
they can see how many customers you have and their database/login names.
The only way around it I know is that run separate "clusters" aka RDS
instances.
You can try to lock this down somewhat by revoking access to various
system tables, but it starts breaking a lot of tools (e.g. some GUI
tools don't know what to do if they get an error just listing the
databases). Also it is so piecemeal I wouldn't trust that I'd blocked
off all avenues of getting the information.
I'd love to be corrected on this btw if anyone has better information! :-)
--
Paul ~{:-)
pj(at)illuminatedcomputing(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-02-10 23:20:59 | Re: Unused files in the database directory after crashed VACUUM FULL |
| Previous Message | auxsvr | 2019-02-10 22:57:23 | Shared hosting with FDW on AWS RDS |