Re: Catalog Security WAS: Views, views, views: Summary

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: "Jim C(dot) Nasby" <decibel(at)decibel(dot)org>
Cc: Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>, Russell Smith <mr-russ(at)pws(dot)com(dot)au>, Andrew Dunstan <andrew(at)dunslane(dot)net>, andrew(at)supernews(dot)com, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Catalog Security WAS: Views, views, views: Summary
Date: 2005-05-14 14:00:09
Message-ID: 20050514140009.GF30011@ns.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

* Jim C. Nasby (decibel(at)decibel(dot)org) wrote:
> On Sat, May 14, 2005 at 08:55:17AM -0400, Stephen Frost wrote:
> > * Christopher Kings-Lynne (chriskl(at)familyhealth(dot)com(dot)au) wrote:
> > > Hackers - we get an email about information hiding in shared
> > > postgresql/phppgadmin installations at least once a fortnight :)
> >
> > I agree with this- it needs to be dealt with and fixed already, once and
> > for all.
>
> Given that the newsysviews all base visibility on granted permissions,
> would they do the job for you?

From what I've seen of them, yes, I believe they're exactly what I'm
looking for. Of course, I'd really like to have them in core and have
client applications updated to use them (assuming they need to be
changed, which I'm guessing they would), etc.

Unfortunately it's a bit too late to change what I'm about to put into
production to the newsysviews (not 100% sure they're entirely ready yet
either) but I'll set them up on some of my development machines and play
around with them some more. Here's to hopeing they're in 8.1...

Thanks,

Stephen

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Jim C. Nasby 2005-05-14 14:00:44 Re: Server instrumentation for 8.1
Previous Message Jim C. Nasby 2005-05-14 13:50:09 Re: Catalog Security WAS: Views, views, views: Summary