| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Increasing security in a shared environment ... |
| Date: | 2004-03-29 18:16:25 |
| Message-ID: | 2646.1080584185@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> I just played around briefly with removing *all* public access to a
> couple of catalog tables - pg_class and pg_attrdef. Obviously this
> breaks things like \d and friends. I'm not sure how much else it might
> break -
pg_dump, for starters ...
I'm not sure that hiding the contents of the current database's catalog
is all that useful a goal in practice. If you have two users sharing a
database then probably you *want* them to be able to exchange some
amount of information. I can see the use-case for hiding contents of
the shared tables (pg_database, pg_shadow, pg_group) in installations
where different users have different databases but you want to run just
one common postmaster. Even there, though, it doesn't seem all that
essential --- its only usefulness is security by obscurity.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2004-03-29 18:21:47 | Re: Increasing security in a shared environment ... |
| Previous Message | Dave Page | 2004-03-29 18:11:13 | Re: Increasing security in a shared environment ... |