| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: deny access to system tables |
| Date: | 2002-10-10 12:35:08 |
| Message-ID: | 20021010123508.GD25467@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Oct 10, 2002 at 08:42:32AM -0400, Robert Treat wrote:
> On Wednesday 09 October 2002 08:29 pm, Martijn van Oosterhout wrote:
> > If you prevented SELECT access to the system tables, that would mean they
> > couldn't execute queries, since the parser needs to access system tables to
> > work out what fields are in tables, what indexes are available and such
> > things.
> >
> > What are you trying to achieve?
>
> If I could prevent access to pg_proc the user would (theoretically) not be
> able to run any functions, and more importantly would not be able to see the
> source of my functions. I believe the same hold true for pg_views.
Well, that won't work. pg_proc also contains the functions that parse and
output data to the client. You do realise that pg_views, pg_tables and
pg_indexes are themselves views. The typecasts used are also looked up in
pg_proc. Even tab-completion from psql uses a function.
If you don't want users to see the source to your functions, write them in a
way that doesn't require the source within postgres, like loading in an
external library.
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> There are 10 kinds of people in the world, those that can do binary
> arithmetic and those that can't.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adam Witney | 2002-10-10 12:38:58 | Re: pg_restore error |
| Previous Message | Shridhar Daithankar | 2002-10-10 12:34:58 | Re: Getting tables, procedures, etc. |