I'm mantaining a Postgres installation on an ISP, and I see a relativly important security issue.
I can connect to postgres with a normal user login and take a look to the database structure of all the other databases on the installation.
This is very visual with PGadmin. I connect as a simple user, and I can't create or select data from other's database, but i can see which databases exists on the system and look at the tables and columns of each of them (and i don't want it).
I've tried to solve it with:
REVOKE ALL PRIVILEGES ON DATABASE x FROM PUBLIC; REVOKE ALL PRIVILEGES ON SCHEMA public FROM PUBLIC; REVOKE ALL PRIVILEGES ON SCHEMA public FROM GROUP users; ...
And I still can to look at the others database structure (connecting as a non privileged user) ...
How I could solve this?
Thanks -- ******************************************************** Daniel Rubio Rodr�guez ********************************************************
---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
