i deploying database in postgresql , created user able execute functions.
i revoked privileges user created , granted connect privileges executing:
revoke privileges on database <database> my_user; revoke privileges on schema public my_user; grant connect on database <database> my_user; but when connect database user, able read table structures , function source codes. there way hide user?
i take chance make question: want execute functions (which may include select, insert or update on database tables) user, dont want grant privileges on select, update or delete on tables. using "security definer" , grant execution, think may little insecure. right? there other way it?
thanks in advance. lamis
there's no way hide system catalogues user in postgresql. if user can't access catalogues can't locate other database objects.
if can't afford let them see structure of db, you'll need prevent them connecting. build sort of middle layer simple api calls db.
security definer standard way provide limited access @ higher privilege level. have careful function arguments can end in dynamic query though. that's same "bobby tables" issue dynamic sql building though.
Comments
Post a Comment