| From: | Jan Wieck <JanWieck(at)Yahoo(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Serguei Mokhov <sa_mokho(at)alcor(dot)concordia(dot)ca>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Isn't pg_statistic a security hole? |
| Date: | 2001-05-07 16:07:56 |
| Message-ID: | 200105071607.MAA02611@jupiter.jw.home |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> "Serguei Mokhov" <sa_mokho(at)alcor(dot)concordia(dot)ca> writes:
> > Being a simple user, I still want to view the stats from the table,
> > but it should be limited only to the stuff I own. I don't wanna let
> > others see any of my info, however. The SU's, of course, should be
> > able to read all the stats.
>
> This is infeasible since we don't have a concept of per-row permissions.
> It's all or nothing.
Can't we provide a view that shows those rows from
pg_statistics that belong to the tables owned by the current
user?
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck(at)Yahoo(dot)com #
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-05-07 16:08:37 | Re: File system performance and pg_xlog |
| Previous Message | Bruce Momjian | 2001-05-07 16:06:27 | Re: typo in psql's help |