Hi all,

I wonder if it's a security problem: One of my customer noticed that he
could see all databases on the system with phppgadmin. not only he sees
databases but tables, views, fonctions... Fortunatly he can't see any row.

This customer has the ability to create databases but not users.
I wonder if the super_user privilege should be separated from the
priviledge of creating databases/users.

I alose think that only a superuser should list databases and objects.

What do you think?


Olivier PRENANT                 Tel:    +33-5-61-50-97-00 (Work)
Quartier d'Harraud Turrou           +33-5-61-50-97-01 (Fax)
31190 AUTERIVE                      +33-6-07-63-80-64 (GSM)
FRANCE                      Email: [EMAIL PROTECTED]
Make your life a dream, make your dream a reality. (St Exupery)

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

Reply via email to