Hello List, I was wondering if there is something like a best practice document for running PostgreSQL (probably 8.3.3) securely in a shared Web+DB hosting environment, where different people without any administrative relationship between them may run their databases on the same server. I am particularly interested in the role, permission and schema layout. Also I'm worried about the amount of information available to ordinary DB users. For instance, without revoking access to pg_catalog from PUBLIC all users can see the usernames, database names etc. of all other users. But revoking the right from pg_catalog doesn't seem to be an option, as this breaks several features of the psql utility and probably other things. Thanks & Best Regards, Thomas
Attachment:
signature.asc
Description: This is a digitally signed message part