On Sun, Feb 10, 2019 at 03:19:48PM -0800, Paul Jungwirth wrote: > On 2/10/19 2:57 PM, auxsvr wrote: > >We'd like to configure an RDS server for shared hosting. The idea is that every customer will be using a different database and FDW will be configured, so that the remote tables have access to the full data > > I've set up something like this before (but on EC2), and the only problem I > couldn't solve was that any user can see your full customer list by typing > `\l` or `\du`. They can't see other customers' stuff, but they can see how > many customers you have and their database/login names. The only way around > it I know is that run separate "clusters" aka RDS instances. > > You can try to lock this down somewhat by revoking access to various system > tables, but it starts breaking a lot of tools (e.g. some GUI tools don't > know what to do if they get an error just listing the databases). Also it is > so piecemeal I wouldn't trust that I'd blocked off all avenues of getting > the information. > > I'd love to be corrected on this btw if anyone has better information! :-) Heroku had that issue and used hash values for the user and database names. -- Bruce Momjian <bruce@xxxxxxxxxx> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
