| From: | "Serguei Mokhov" <sa_mokho(at)alcor(dot)concordia(dot)ca> |
|---|---|
| To: | <pgsql-hackers(at)postgresql(dot)org>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: Isn't pg_statistic a security hole? |
| Date: | 2001-05-06 17:23:03 |
| Message-ID: | 022001c0d651$36766e00$5dd9fea9@gunn |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Being a simple user, I still want
to view the stats from the table,
but it should be limited only
to the stuff I own. I don't wanna
let others see any of my info, however.
The SU's, of course, should be able to read
all the stats.
----- Original Message -----
From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: <pgsql-hackers(at)postgresql(dot)org>
Sent: Sunday, May 06, 2001 1:14 PM
Subject: [HACKERS] Isn't pg_statistic a security hole?
> Right now anyone can look in pg_statistic and discover the min/max/most
> common values of other people's tables. That's not a lot of info, but
> it might still be more than you want them to find out. And the
> statistical changes that I'm about to commit will allow a couple dozen
> values to be exposed, not only three values per column.
>
> It seems to me that only superusers should be allowed to read the
> pg_statistic table. Or am I overreacting? Comments?
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-05-06 17:27:31 | Re: Isn't pg_statistic a security hole? |
| Previous Message | Tom Lane | 2001-05-06 17:14:46 | Isn't pg_statistic a security hole? |