On Fri, 2021-12-10 at 15:33 +0100, Frank Eckes wrote: > To access data in a PostgreSQL database I write queries which contains > the business rules > > how t access data. This is working fine and also the permission are > working fine. > > But I found out that a user can see the complete business rules in a > query or a procedure which is > > a big security issue. > > Is there e possibility that I can hide the definition and th user can > only see the data or can execute > > the procedure/function. No, there is no good way to do that. It is very unusual to put secret information into a view definition... > And even worse, if i define a foreign server (e.g ORACLE) everybody can > see the credentials in a user mapping > > which should not be allowed. This might be a show stopper of using > PostgreSQL in security environments. Then you use Oracle external authentication, for example with a secure key store on the PostgreSQL server. Then you don't need a password. Yours, Laurenz Albe -- Cybertec | https://www.cybertec-postgresql.com
