| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Views, views, views: Summary of Arguments |
| Date: | 2005-05-13 16:57:53 |
| Message-ID: | 24884.1116003473@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Josh Berkus <josh(at)agliodbs(dot)com> writes:
> Andrew, Merlin,
>> My approach was to remove all significant permissions (including on the
>> catalog) from public and regrant them to a pseudopublic group,
>> comprising designated users. The designated users would notice no
>> difference at all, while everyone else would be able to see only what
>> was explicitly granted to them. But there would be lots of testing and
>> thinking to be done before releasing it into the wild :-)
> <plug>Doesn't it seem like a really complete set of system views (based on
> information_schema or otherwise) would potentially allow securing the
> pg_catalog?</plug>
It'd just move the issues to a different place ... you still have to
test and think ;-)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2005-05-13 16:58:25 | Re: Views, views, views: Summary of Arguments |
| Previous Message | Josh Berkus | 2005-05-13 16:30:41 | Re: Views, views, views: Summary of Arguments |