| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Bryn Llewellyn <bryn(at)yugabyte(dot)com>, Neeraj M R <neerajmr12219(at)gmail(dot)com> |
| Cc: | pgsql-general list <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Restricting user to see schema structure |
| Date: | 2022-05-12 18:44:27 |
| Message-ID: | 048ab2c5-ddf6-d039-3c2a-1828d8c9137b@aklaver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 5/12/22 11:29, Bryn Llewellyn wrote:
> I've prototyped this scheme. It seems to work as designed. A client that connects with psql (or any other tool) can list the API functions and whatever \df and \sf show. (notice that \d will reveal nothing.)But doing this reveals only the names of the functions that are called (which will be identical to the jacket names—so no risk here) and the name(s) of the schema(s) where they live (so a minor theoretical risk here).
>
> Full disclosure: I've never done this in anger.
Try select * from pg_class or select * from pg_attribute or any of the
other system catalogs.
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2022-05-12 19:14:20 | Re: Restricting user to see schema structure |
| Previous Message | Bryn Llewellyn | 2022-05-12 18:40:27 | Re: Deferred constraint trigger semantics |