On Wed, Apr 16, 2025 at 8:07 AM Dominique Devienne <ddevie...@gmail.com> wrote:
> On Wed, Apr 16, 2025 at 4:39 PM Tom Lane <t...@sss.pgh.pa.us> wrote:
> > Laurenz Albe <laurenz.a...@cybertec.at> writes:
> > > On Wed, 2025-04-16 at 10:09 +0200, Dominique Devienne wrote:
>
> So in a way, you guys are saying one should never REVOKE CONNECT ON
> DATABASE FROM PUBLIC?
>
> All my DBs are not PUBLIC-accessible.
> And inside my DBs, I try to revoke everything from PUBLIC
> (USAGE ON TYPES, EXECUTE ON ROUTINES).
> Nor do I use the public schema.
> And I never use the "built-in" postgres database.
> Basically I want all GRANTs to be explicit.
>
> Given the above, I'd want to not provide access to the postgres DB too.
>
> Yet have a way to discover which DBs I can connect to, from the "cluster
> only".
>

Kinda surprised you don't consider this a feature...give all of your databases UUID names and ensure that non-superusers must be told the databases they are allowed to connect to.

But feel free to work out a design and add it to the ToDo list for the v4 protocol. The use case seems reasonable and doable (on the basis of the replication protocol works).

https://wiki.postgresql.org/wiki/Todo#Wire_Protocol_Changes_.2F_v4_Protocol

David J.
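
The explicit-grant setup described in the quoted message, together with the catalog query that answers "which databases may I connect to", as an added example that is not part of the thread or any participant's code. The names appdb, app_owner and app_reader are hypothetical. The last query can only run inside an existing session, which is the gap the thread is about.

```sql
-- Added illustration; appdb, app_owner and app_reader are hypothetical names.
-- Run the REVOKE/GRANT statements as a superuser or as the owning role.

-- 1. Database level. Every database grants CONNECT and TEMPORARY to PUBLIC
--    by default, and a database's ACL is not inherited from its template,
--    so this has to be repeated for each database, "postgres" included.
REVOKE ALL ON DATABASE appdb    FROM PUBLIC;
REVOKE ALL ON DATABASE postgres FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_reader;

-- 2. Inside appdb: take the public schema away from PUBLIC.
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- 3. Inside appdb: objects created later by app_owner. Routines and types
--    are granted to PUBLIC by default (EXECUTE and USAGE). Only a global
--    default-privilege entry (no IN SCHEMA clause) can remove that built-in
--    grant; it applies per creating role and per database.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner
    REVOKE EXECUTE ON ROUTINES FROM PUBLIC;   -- ROUTINES needs PostgreSQL 11+
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner
    REVOKE USAGE ON TYPES FROM PUBLIC;

-- 4. Audit: databases whose ACL still gives the PUBLIC pseudo-role CONNECT.
--    aclexplode() expands the ACL; grantee = 0 denotes PUBLIC. A NULL datacl
--    means the built-in default (PUBLIC may connect), hence the acldefault().
SELECT d.datname
FROM   pg_database AS d,
       LATERAL aclexplode(COALESCE(d.datacl, acldefault('d', d.datdba))) AS a
WHERE  a.grantee = 0
AND    a.privilege_type = 'CONNECT'
ORDER  BY d.datname;

-- 5. Discovery for the current role: databases it is allowed to connect to.
--    pg_database is a shared catalog, but reading it requires a session in
--    some database, so a role with CONNECT on none of them cannot run this.
SELECT datname
FROM   pg_database
WHERE  datallowconn
AND    has_database_privilege(current_user, oid, 'CONNECT')
ORDER  BY datname;
```

Superusers bypass these checks, and pg_hba.conf still decides whether a connection attempt reaches the privilege check at all.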