Re: unprivileged user

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: unprivileged user
Date: 2009-12-10 23:42:48
Message-ID: 1260488568.716.35.camel@vanquo.pezone.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On tor, 2009-12-10 at 17:20 -0500, Andrew Dunstan wrote:
> Some time later it came up again, this time when someone wanted to use a
> readonly database (hence no pg_dump required) with an application and
> wanted to keep the database layout and the source code of stored
> functions hidden as they regarded it as proprietary information.

Well, the information schema already implements a policy of this sort,
because it only shows information about things you have some kind of
access to. (I assume you are allowed to know about the things you have
access to.)

The problem in this sort of scheme is always that the system catalogs
are world readable, and changing that would break about every tool and
driver in existence. It's not clear how to fix that, at least not
without row-level security. Or how did your old patch address this?

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Eisentraut 2009-12-11 00:14:42 Re: Has anyone used CLANG yet?
Previous Message Peter Eisentraut 2009-12-10 23:19:21 Re: Python 3.1 support