agora inbox for postgres@postgres.berkeley.edu  
To: postgres@postgres.berkeley.edu
Subject: Re: Postgres security
Date: Thu, 07 Nov 91 10:54:29 PST
Message-ID: <9111071854.AA18421@postgres.Berkeley.EDU>
In-Reply-To: <9111071618.AA15926@postgres.Berkeley.EDU>

In message <9111071618.AA15926@postgres.Berkeley.EDU> you write:

> I've just installed postgres on a Sun and I'm looking at the possibility of
> using postgres as a database server for a user accounting system I'm
> writing. I built libpq on a Convex 3220 and I wrote a sample program on
> the Convex to access a demo database on the Sun. Everything works great.
> 
> My question is: Does postgres do any kind of security checks to prevent
> unauthorized users from accessing another user's database? There did not
> appear to be any kind of checks to prevent me from reading the database on
> the Sun.

Postgres is currently very weak in the area of security.  The only check it
does is against pg_user to ensure that the person using Postgres is allowed
to do so.  Any postgres user can access any database and examine any relation
in that database.

The postgres rule systems can provide a rather unique way of doing your
own security, i.e. defining rules to protect your relations. There is
currently no built-in mechanism for determining who's accessing the system,
but you can define your own function to determine this.  However,
without network security and serious DBMS support these measures would be
easy to circumvent.

> I'm also wondering if there is a postgres usenet conference.

No.


Jeff Meredith
mer@postgres.berkeley.edu


