2007/5/9, Scott Marlowe <smarlowe@xxxxxxxxxxxxxxxxx>:
On Wed, 2007-05-09 at 08:05, Daniel Cristian Cruz wrote: > Hi there! > > Is it possible to revoke usage of pg_catalog for a specific user? > > The reason is to secure PostgreSQL. If a user can connect to a > database, it could query pg_class, pg_attribute, pg_proc search for > specific tables and if using dblink, even database passwords... That's not security, it's obscurity.
Yes, I used the wrong expression.
You can grant / revoke access to anything a user should or should not be able to access anyway.
It's a web application user. I was trying to make some database magic, hardening SQL injections... But its wrong, the application must be secure. Unfortunelly I can't have a database user for each web user... Thanks... -- Daniel Cristian Cruz
