Re: [ADMIN] Revoking usage of pg_catalog

2007-05-09 Thread John DeSoi
On May 9, 2007, at 2:09 PM, Daniel Cristian Cruz wrote: It's a web application user. I was trying to make some database magic, hardening SQL injections... But it's wrong, the application must be secure. Unfortunately I can't have a database user for each web user... I don't see the issue if use

Re: [ADMIN] Revoking usage of pg_catalog

2007-05-09 Thread Daniel Cristian Cruz
2007/5/9, Scott Marlowe <[EMAIL PROTECTED]>: On Wed, 2007-05-09 at 08:05, Daniel Cristian Cruz wrote: > Hi there! > > Is it possible to revoke usage of pg_catalog for a specific user? > > The reason is to secure PostgreSQL. If a user can connect to a > database, it could query pg_class, pg_attrib

Re: [ADMIN] Revoking usage of pg_catalog

2007-05-09 Thread Scott Marlowe
On Wed, 2007-05-09 at 08:05, Daniel Cristian Cruz wrote: > Hi there! > > Is it possible to revoke usage of pg_catalog for a specific user? > > The reason is to secure PostgreSQL. If a user can connect to a > database, it could query pg_class, pg_attribute, pg_proc search for > specific tables and

Re: [ADMIN] Revoking usage of pg_catalog

2007-05-09 Thread Tom Lane
"Daniel Cristian Cruz" <[EMAIL PROTECTED]> writes: > Is it possible to revoke usage of pg_catalog for a specific user? No, not if you'd like them to be able to do anything useful. regards, tom lane

[ADMIN] Revoking usage of pg_catalog

2007-05-09 Thread Daniel Cristian Cruz
Hi there! Is it possible to revoke usage of pg_catalog for a specific user? The reason is to secure PostgreSQL. If a user can connect to a database, it could query pg_class, pg_attribute, pg_proc search for specific tables and if using dblink, even database passwords... I just made a test, revo