I have some questions on how stuff works, specifically securing databases.

On MySQL you give a user x permissions per x database.

On PostgreSQL you give user x permissions per x table.

When you log in to the database as a MySQL user, you can only do what you're allowed to do.

When you log in to a database on PostgreSQL you can create tables (and you get full permissions on the table that user created, which only makes sense).

Does this mean that a user can log in to any database and create any tables, but he can only do whatever he's already allowed to do with "GRANT" on already-created tables?

In other words, if I were to make a user that has SELECT on the majority of the tables, if it was hacked, all the person would ever be able to do is select some tables, but they couldn't do anything else (other than creating their own tables and deleting their own tables)?

I like both ways, I have no problem with both ways, just getting more into PostgreSQL since it's nicer with PHP, so I am working on setting stuff up.
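
The PostgreSQL defaults the question asks about, and one way to restrict a select-only account, as an added example that is not part of the original post. The database `appdb`, the roles `app_owner` (assumed to already exist and own the tables) and `app_readonly`, and the password placeholder are all assumptions; step 2 matters on PostgreSQL versions before 15, where `PUBLIC` holds `CREATE` on schema `public` by default.

```sql
-- Added example; appdb, app_owner and app_readonly are hypothetical names.
-- Run as a superuser or the database owner while connected to appdb.

-- 1. Every role is implicitly a member of PUBLIC. By default PUBLIC may
--    CONNECT to each database and create TEMPORARY tables in it.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;

-- 2. Before PostgreSQL 15, PUBLIC also holds CREATE on schema "public",
--    which is what lets any login role create (and own) its own tables.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 3. A login role with no administrative attributes.
CREATE ROLE app_readonly LOGIN
    PASSWORD 'CHANGE_ME'            -- placeholder, set a real secret
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- 4. Grant back only what a read-only account needs.
GRANT CONNECT ON DATABASE appdb TO app_readonly;
GRANT USAGE   ON SCHEMA public  TO app_readonly;
GRANT SELECT  ON ALL TABLES IN SCHEMA public TO app_readonly;

-- 5. GRANT ... ON ALL TABLES covers only tables that exist right now.
--    Default privileges cover tables app_owner creates later.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA public
    GRANT SELECT ON TABLES TO app_readonly;

-- 6. Verify the result from the catalog instead of assuming it.
SELECT has_database_privilege('app_readonly', 'appdb',  'CONNECT')   AS can_connect,
       has_database_privilege('app_readonly', 'appdb',  'TEMPORARY') AS can_temp,
       has_schema_privilege  ('app_readonly', 'public', 'CREATE')    AS can_create,
       has_schema_privilege  ('app_readonly', 'public', 'USAGE')     AS can_use;

-- 7. List every table privilege the role holds, to confirm it is SELECT only.
SELECT table_schema, table_name, privilege_type
FROM   information_schema.table_privileges
WHERE  grantee = 'app_readonly'
ORDER  BY table_schema, table_name, privilege_type;
```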