Re: Updates of SE-PostgreSQL 8.4devel patches

From: Andrew Sullivan <ajs(at)commandprompt(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches
Date: 2008-10-10 13:00:21
Message-ID: 20081010130021.GC49140@commandprompt.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Fri, Oct 10, 2008 at 01:09:48PM +0900, KaiGai Kohei wrote:

>> 4. Metadata-level access controls. None of the proposals so far seem
>> to provide a complete set of access controls for the system details --
>> schemas, databases, &c. Such controls are often requested, so I
>> wonder about that.
>
> We are already have GRANT/REVOKE on databases, schemaes and so on
> as a core facility. This optional facility does not need to provide
> it again.

I think I wasn't clear enough. One of the requests we hear all the
time -- indeed, somone just posted an RFQ looking for coders for it --
is a request to prevent users who haven't any permission on a database
to learn anything about it at all. In a shared hosting environment,
for instance, the idea is that two customers can have databases in the
same back end, and not be able to learn anything about one another
_including that they are there_. I am pretty sure I first heard
someone wishing for something like that when was using PostgreSQL
6.something, so it's a long-standing irritant.

Anyway, I'm not trying to suggest, "You should do this." I'm just
trying to point out that what are the obvious areas of access control
from one point of view are not even interesting from another. This is
why I think a fairly complete analysis is needed (and why I think it
hasn't been done yet).

A

--
Andrew Sullivan
ajs(at)commandprompt(dot)com
+1 503 667 4564 x104
http://www.commandprompt.com/

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andrew Sullivan 2008-10-10 13:07:49 Re: Updates of SE-PostgreSQL 8.4devel patches
Previous Message Jim Cox 2008-10-10 12:53:25 Re: TODO item: adding VERBOSE option to CLUSTER [with patch]