Hello List, I was wondering if there is something like a best practice document for running PostgreSQL (probably 8.3.3) securely in a shared Web+DB hosting environment, where different people without any administrative relationship between them may run their databases on the same server.
I am particularly interested in the
role, permission and schema layout.
Also I'm worried about the amount of information
available to ordinary DB users. For instance,
without revoking access to pg_catalog from
PUBLIC all users can see the usernames,
database names etc. of all other users. But
revoking the right from pg_catalog doesn't
seem to be an option, as this breaks
several features of the psql utility and probably
other things.
Thanks & Best Regards,
Thomas
signature.asc
Description: This is a digitally signed message part
