Search Postgresql Archives

Unauthorized users can see db schema and read functions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I've noticed that any user who can logon to a db cluster can read the schema of all databases in it, including the code of all plpgsql functions. Even in schema's he/she doesn't have access to. For tables it just says 'access denied for schema bla', after which the structure is still shown to the user. For functions, there is no warning at all, you can just read (copy, paste) away.
I use pgAdmin3 1.6.2 as a front-end for both linux and windows servers, but I don't think restricting schema information should be a front-end responsibility.

o  Why is schema information not restricted?
o  Is there any way to prevent this, other than starting another cluster for this user's database

thx!

Willy-Bas

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux