2007/5/9, Scott Marlowe <[EMAIL PROTECTED]>:
On Wed, 2007-05-09 at 08:05, Daniel Cristian Cruz wrote:
> Hi there!
>
> Is it possible to revoke usage of pg_catalog for a specific user?
>
> The reason is to secure PostgreSQL. If a user can connect to a
> database, it could query pg_class, pg_attribute, pg_proc search for
> specific tables and if using dblink, even database passwords...
That's not security, it's obscurity.
Yes, I used the wrong expression.
You can grant / revoke access to anything a user should or should not be
able to access anyway.
It's a web application user. I was trying to make some database magic,
hardening SQL injections... But its wrong, the application must be
secure. Unfortunelly I can't have a database user for each web user...
Thanks...
--
Daniel Cristian Cruz
---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?
http://archives.postgresql.org
