Quick Links

Isn't pg_statistic a security hole?

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	pgsql-hackers(at)postgreSQL(dot)org
Subject:	Isn't pg_statistic a security hole?
Date:	2001-05-06 17:14:46
Message-ID:	28789.989169286@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Right now anyone can look in pg_statistic and discover the min/max/most
common values of other people's tables. That's not a lot of info, but
it might still be more than you want them to find out. And the
statistical changes that I'm about to commit will allow a couple dozen
values to be exposed, not only three values per column.

It seems to me that only superusers should be allowed to read the
pg_statistic table. Or am I overreacting? Comments?

regards, tom lane

Responses

Re: Isn't pg_statistic a security hole? at 2001-05-06 17:23:03 from Serguei Mokhov
Re: Isn't pg_statistic a security hole? at 2001-05-07 17:37:45 from Bruce Momjian

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Serguei Mokhov	2001-05-06 17:23:03	Re: Isn't pg_statistic a security hole?
Previous Message	Tom Lane	2001-05-06 16:05:25	Re: Re: New Linux xfs/reiser file systems