Again boring admin question:
I found that all users have access to pg_class etc. by default. In my opinion this causes some security questions or at least can make users curious about things they should not.
e.g. SELCT * FROM pg_tables where table_name like '%customer_accountings%';
Probably this user should NOT know, that there are some customer_accountings on this system???
How do you solve this problem?
Would it not be usefull to have some views like all_tables, user_tables etc. (like a big db company does) for preventing acces to pg_tables (= dba_tables)?
How is it recommended to revoke the rights to pg_xxx?
REVOKE ALL PRIVS FROM PUBLIC... (like pgdump does)
And then create own access rules?
It seems to me, that e.g. php_mod for apache does not work properly after this becaus they do NOT find e.g. column names anymore (clear: he does not have access to pg_tables, etc. anymore!)
Any hint is welcome
Oli
-------------------------------------------------------
Oli Sennhauser Database-Engineer (Oracle & PostgreSQL) Rebenweg 6 CH - 8610 Uster / Switzerland
Phone (+41) 1 940 24 82 or Mobile (+41) 79 450 49 14 e-Mail [EMAIL PROTECTED] Website http://mypage.bluewin.ch/shinguz/PostgreSQL/
Secure (signed/encrypted) e-Mail with a Free Personal SwissSign ID: http://www.swisssign.ch
Import the SwissSign Root Certificate: http://swisssign.net/cgi-bin/trust/import
smime.p7s
Description: S/MIME Cryptographic Signature
