Re: [admin]@postgresql.org pg_database contents ... what happens

On Sun, May 30, 2004 at 10:45:02PM -0700, Uwe C. Schroeder wrote:
> On Sunday 30 May 2004 09:44 pm, Paul Gimpelj wrote:
> > If I connect to any database with psql I can see all the other databases in
> > table pg_database under postgresql 7.2
> >
> > What happens if I delete all the rows from this table.
>
>
> Well, similar question would be "what happens if I format the harddrive and
> throw the box into the bathtub" :-)

    I wouldn't say so - you can delete from pg_database only if you
are are granted database create/drop (or you are superuser).

    If I understand Paul correctly, his real question was "I can see
pg_database if I connect to any database, as any user - is it
safe/secure?". Then, answer to this question would be: yes, as long as
you are normal user, because it is one of PostgreSQL's system tables. You
can select from that table, but to update/delete from that table, you
need to have rights to create/drop database.

    Do "select * from pg_shadow" as postgresql superuser, to check users
that have permission to create/drop (see
http://www.postgresql.org/docs/7.4/interactive/catalog-pg-shadow.html).

    So, to be safe, do not grant database creation rights to users that
shouldn't have them (see also "Chapter 17. Database Users and Privileges" ->
"17.2. User Attributes"
http://www.postgresql.org/docs/7.4/interactive/user-attributes.html)

    Best regards,
--
--- Artur Pietruk, arturp(-=AT=-)plukwa.net