Re: security issues

On Fri, 2021-12-10 at 15:33 +0100, Frank Eckes wrote:
> To access data in a PostgreSQL database I write queries which contains 
> the business rules
> 
> how t access data. This is working fine and also the permission are 
> working fine.
> 
> But I found out that a user can see the complete business rules in a 
> query or a procedure which is
> 
> a big security issue.
> 
> Is there e possibility that I can hide the definition and th user can 
> only see the data or can execute
> 
> the procedure/function.

No, there is no good way to do that.

It is very unusual to put secret information into a view definition...

> And even worse, if i define a foreign server (e.g ORACLE) everybody can 
> see the credentials in a user mapping
> 
> which should not be allowed. This might be a show stopper of using 
> PostgreSQL in security environments.

Then you use Oracle external authentication, for example with a
secure key store on the PostgreSQL server.  Then you don't need a
password.

Yours,
Laurenz Albe
-- 
Cybertec | https://www.cybertec-postgresql.com