"The \l command should only list databases that the current user is authorized for, the \du command should only list users authorized for the current database (and perhaps only superusers should get even that much information), etc. Perhaps it is possible to set PG to do this, but that should probably be the default."
This is from a PgSQL vs MySQL thread on -general ... how hard would it be make it so that a non-superuse user can't do a \l and see everyone's databases? Or, when doing a \d in a database you are able to connect to, it would only show those tables that you are authorized for?
Well, you can just go SELECT * FROM pg_database; so fixing \l won't do anything.
I too would like to see more security in this respect, but it will be difficult if not impossible to implement methinks...
Chris
---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend
