Question

I am deploying a database in PostgreSQL and I created a user that will only be able to execute certain functions.

I revoked all privileges from the user I just created and granted connect privileges by executing:

REVOKE ALL PRIVILEGES ON DATABASE <database> FROM my_user;
REVOKE ALL PRIVILEGES ON SCHEMA public FROM my_user;
GRANT CONNECT ON DATABASE <database> TO my_user;

But when I connect to the database with this user, I am able to read all table structures and all function source code. Is there a way to hide it from this user?

I'll take the chance to ask another question: I want to just execute functions (which may include select, insert or update on database tables) with this user, but I don't want to grant privileges on select, update or delete on tables. I am using "SECURITY DEFINER" and then I grant execution, but I think it may be a little insecure. Am I right? Is there any other way to do it?

Thanks in advance. Lamis


Solution

There's no way to hide the system catalogues from a user in PostgreSQL. If a user can't access the catalogues then they can't locate any other database objects.

If you really can't afford to let them see the structure of the db, you'll need to prevent them connecting. Build some sort of middle layer with a simple API that calls the db.

SECURITY DEFINER is the standard way to provide limited access at a higher privilege level. You have to be careful with any function arguments that can end up in a dynamic query though. That's the same "bobby tables" issue as with any dynamic SQL building though.
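
The dynamic-query risk described in the answer above, as an added example that is not part of the original answer: a SECURITY DEFINER function that concatenates its argument, next to one that binds it. The accounts table and both function names are hypothetical; my_user is the role from the question.

```sql
BEGIN;  -- create and restrict in one transaction so no function is ever callable by PUBLIC

-- Constructed sample schema; table, column and function names are hypothetical.
CREATE TABLE accounts (
    id      integer PRIMARY KEY,
    owner   text    NOT NULL,
    balance numeric NOT NULL
);

-- Risky: the argument is concatenated into the query text, so its content is
-- parsed as SQL and runs with the privileges of the function owner.
CREATE FUNCTION balance_unsafe(p_owner text) RETURNS numeric
LANGUAGE plpgsql SECURITY DEFINER AS $$
DECLARE
    result numeric;
BEGIN
    EXECUTE 'SELECT sum(balance) FROM accounts WHERE owner = ''' || p_owner || ''''
        INTO result;
    RETURN result;
END;
$$;

-- Hardened: the value is bound with USING and never becomes part of the SQL
-- text; the table is schema-qualified and search_path is pinned so the caller
-- cannot substitute objects of their own. (Identifiers that must be dynamic
-- would go through format() with %I instead of concatenation.)
CREATE FUNCTION balance_safe(p_owner text) RETURNS numeric
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, pg_temp AS $$
DECLARE
    result numeric;
BEGIN
    EXECUTE 'SELECT sum(balance) FROM public.accounts WHERE owner = $1'
        INTO result
        USING p_owner;
    RETURN result;
END;
$$;

-- Functions are executable by PUBLIC by default; restrict to the intended role.
REVOKE ALL ON FUNCTION balance_unsafe(text), balance_safe(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION balance_safe(text) TO my_user;

COMMIT;
```

With these grants my_user can call balance_safe without holding SELECT on accounts, because the query runs as the function owner.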

OTHER TIPS

How about

REVOKE SELECT ON pg_namespace FROM my_user;
REVOKE SELECT ON pg_catalog.pg_database FROM my_user;

You won't be able to see anything, but you'll be able to make queries if you know the namespace and table name.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow