
Re: Unauthorized users can see db schema and read functions

Willy-Bas Loos wrote:
Hi,

I've noticed that any user who can log on to a db cluster can read the schema of all databases in it, including the code of all plpgsql functions. Even in schemas he/she doesn't have access to.
[snip]
o Why is schema information not restricted?
o Is there any way to prevent this, other than starting another cluster for this user's database?

The short answer is "because it's always been this way".

The long answer is that users are per-cluster not per-database. So, they need a certain amount of access to the system tables just to connect and do anything. Now, in some cases there are views over the system tables that provide restricted access (compare pg_user to pg_shadow) but they aren't everywhere.

However, you can use pg_hba.conf to restrict access to a database entirely.

--
  Richard Huxton
  Archonet Ltd
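
The pg_hba.conf restriction mentioned in the reply, as an added example that is not part of the original message. The fragment is constructed: the roles `app_user` and `dba`, the database `app_db`, the address range and the authentication method are all assumptions.

```conf
# Constructed pg_hba.conf fragment (role names, database name, address
# range and auth method are assumptions, not taken from the thread).
#
# TYPE  DATABASE   USER       ADDRESS        METHOD

# Weak: every role may connect to every database in the cluster, so
# app_user can connect to any of them and read that database's catalogs.
# host  all        all        10.0.0.0/8     scram-sha-256

# Restricted: records are tried top to bottom and the first matching
# record decides, so the reject lines must precede any broader record.
host    app_db     app_user   10.0.0.0/8     scram-sha-256
host    all        app_user   0.0.0.0/0      reject
host    all        app_user   ::/0           reject
local   all        app_user                  reject

# Other roles are unaffected by the records above.
host    all        dba        10.0.0.0/8     scram-sha-256
```

Reload the server configuration after editing the file. This keeps the role out of the other databases; inside `app_db` the system catalogs stay readable to it, as the reply explains.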

