PostgreSQL
Oleg Torbasov, 2016-08-24 12:45:42

Is it safe to share pg_catalog and information_schema schemas in PostgreSQL?

In PostgreSQL, the pg_catalog and information_schema schemas are accessible by everyone (PUBLIC) by default. Is it considered safe? After all, from them you can pull out, for example, a list of users with roles and get the admin login. Or is there something to be done about it?


1 answer(s)
Stanislav Makarov, 2016-08-24
@Nipheris

Let's turn to the documentation:

The catalog pg_authid contains information about database authorization identifiers (roles). A role subsumes the concepts of "users" and "groups". A user is essentially just a role with the rolcanlogin flag set. Any role (with or without rolcanlogin) can have other roles as members; see pg_auth_members.
Since this catalog contains passwords, it must not be publicly readable. pg_roles is a publicly readable view on pg_authid that blanks out the password field.

And which scenario do you actually consider problematic? Well, someone gets the admin login, and then what?
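
An added example, not part of the original answer: audit queries that check the split the quoted documentation describes (pg_authid closed to PUBLIC, pg_roles readable with the password blanked). Run them as a superuser; the list of relations checked is a choice made for this example.

```sql
-- 1. Can the PUBLIC pseudo-role SELECT from the role catalogs and views?
--    Per the documentation quoted above, pg_authid must come back false
--    and pg_roles true. Anything else means the defaults were changed.
SELECT c.relname,
       c.relkind,                                   -- r = table, v = view
       has_table_privilege('public'::name, c.oid, 'SELECT') AS public_can_select
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'pg_catalog'
  AND c.relname IN ('pg_authid', 'pg_shadow', 'pg_auth_members',
                    'pg_roles', 'pg_user')
ORDER BY c.relname;

-- 2. What an ordinary role actually learns from pg_roles: names and
--    attribute flags, with rolpassword blanked out by the view.
SELECT rolname, rolcanlogin, rolsuper, rolpassword
FROM pg_catalog.pg_roles
ORDER BY rolname;

-- 3. Explicit grants on pg_authid. Review every entry in the ACL:
--    any grantee other than the owning superuser is a finding.
SELECT relname, relacl
FROM pg_catalog.pg_class
WHERE oid = 'pg_catalog.pg_authid'::regclass;

-- 4. Non-superuser roles that can still read pg_authid, for example
--    through a grant made directly or via role membership.
SELECT r.rolname
FROM pg_catalog.pg_roles r
WHERE NOT r.rolsuper
  AND has_table_privilege(r.oid, 'pg_catalog.pg_authid'::regclass, 'SELECT')
ORDER BY r.rolname;
```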
