| From: | "Joe Conway" <joe(at)conway-family(dot)com> |
|---|---|
| To: | "Stephan Szabo" <sszabo(at)megazone23(dot)bigpanda(dot)com>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Serguei Mokhov" <sa_mokho(at)alcor(dot)concordia(dot)ca>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Isn't pg_statistic a security hole? |
| Date: | 2001-05-06 20:01:58 |
| Message-ID: | 014001c0d667$68ff9610$0205a8c0@jecw2k1 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Hmm, that would work --- you could join against pg_class to find out the
> owner of the relation. While you were at it, maybe look up the
> attribute name in pg_attribute as well. Anyone want to propose a
> specific view definition?
>
How does this work?
create view pg_userstat as (
select
s.starelid
,s.staattnum
,s.staop
,s.stanullfrac
,s.stacommonfrac
,s.stacommonval
,s.staloval
,s.stahival
,c.relname
,a.attname
,sh.usename
from
pg_statistic as s
,pg_class as c
,pg_shadow as sh
,pg_attribute as a
where
(sh.usename=current_user or current_user='postgres')
and sh.usesysid = c.relowner
and a.attrelid = c.oid
and c.oid = s.starelid
);
-- Joe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | mlw | 2001-05-06 20:47:52 | Re: File system performance and pg_xlog (More info) |
| Previous Message | Tom Lane | 2001-05-06 19:12:03 | Re: Isn't pg_statistic a security hole? |