Postgres security

Author: Trent Shipley
Date:  
Subject: Postgres security
I have been looking at PostgreSQL.

Having gotten used to Oracle 8.1, Postgres seems a bit puny. However, it is
clearly a competent little ORDBMS with an unbeatable Initial Cost of
Ownership.

Unfortunately, all the documentation seems to indicate that security is weak
to the point of non-existence. To secure a Pgsql database, secure the *NIX
box where it lives and let no one but the Sys Admin, DBA, very trusted
developers (and trusted code) have user accounts on the database. Everyone
else connects through a trusted application or not at all.

Most important, I can't find any way to keep a normal user from creating
tables, indexes or other objects. Furthermore, it looks like a user defaults
to access to objects. Just as bad, Postgres has no extensions to SQL-92/99
security so GRANT/REVOKE must be done object by object.

I write this in the hope that I am thoroughly mistaken and some kind citizen
will correct my errors.