| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
| Cc: | "Quiroga, Damian" <damian(dot)quiroga(at)intel(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Hiding name and version |
| Date: | 2015-09-17 18:11:37 |
| Message-ID: | 15921.1442513497@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
> On 09/17/2015 10:32 AM, Quiroga, Damian wrote:
>> Is it possible to prevent users from running the version function or
>> all system information functions? If so, how?
> You could probably revoke access to the function(s) (I haven't tried it
> because it seems very silly).
I believe revoking public execute access would work, but I concur that
this specific request seems entirely pointless. Anyone with SQL-level
access to the server, and a copy of the release notes, can soon determine
what version they are talking to by testing for the presence or absence of
assorted features and bugs.
Keep in mind also that pg_dump or pg_upgrade would not preserve such
alterations to system functions.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-09-17 18:14:48 | Re: Hiding name and version |
| Previous Message | Quiroga, Damian | 2015-09-17 18:11:09 | Re: Hiding name and version |