about me and my world

Montag, 15. März 2010

PostgreSQL @ LinuxDays Chemnitz

Hi all,

I'm back from Chemnitz, the german PG User Group was there with a booth, a workshop (performance tuning) and a talk about the upcoming 9.0-features.

The workshop and the talk was given by ads, so i think, he will write a blog-posting too. But i can say there was a LOT of attendees to listen his talk.

From my point of view i can say it was a success, many people comes to us and ask us 'how can we migrate from database XYZ to PostgreSQL?'. Great!

And yes, we had also a LOT of happy pg-users and we had heard much positive stories about PG.

But one disadvantage with PG comes up, particular in a hosting environment: every user can see all databases. I had heard that more than once, maybe we should think about a switch in postgresql.conf to disable this.



Anonym hat gesagt…

REVOKE SELECT ON TABLE pg_database FROM public;

akretschmer hat gesagt…

Doh! That's all? I'm so stupid ...

Thx for this hint, i will keep this in mind.

akretschmer hat gesagt…

Many Thanks to RhodiumToad for this conversation on IRC (#postgresql):

08:42 < akretschmer> I'm so stupid ...
08:43 < RhodiumToad> ?
08:44 < akretschmer> RhodiumToad: read planet, my blog-entry ...
08:44 < akretschmer> and the comments ...
08:44 < RhodiumToad> there's a bit more to it than that.
08:45 < RhodiumToad> you need to revoke it in each db
08:45 < akretschmer> ahh
08:45 < akretschmer> okay
08:45 < RhodiumToad> since although it's a single table, its access permissions are controlled independently in each db
08:46 < akretschmer> can i revoke from public in template1?
08:46 < RhodiumToad> an additional snag is that someone with createdb can create a new db from template0, and then use that to view dbs
08:46 < RhodiumToad> yes, you can do it in template1
08:46 < akretschmer> ah yes, but not in template0, so i have a problem ...
08:46 < RhodiumToad> you can flip datallowconn on template0 and then change it there
08:47 < akretschmer> i can change template0?
08:48 < RhodiumToad> you have to jump through the hoops (updateing datallowconn to be able to connect), but yes
08:48 < RhodiumToad> good idea to vacuum freeze; it before turning datallowconn back off
08:49 < RhodiumToad> this is far from the only issue with running pg in a shared hosted environment though