Re: Isn't pg_statistic a security hole?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephan Szabo <sszabo(at)megazone23(dot)bigpanda(dot)com>
Cc: Serguei Mokhov <sa_mokho(at)alcor(dot)concordia(dot)ca>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Isn't pg_statistic a security hole?
Date: 2001-05-06 19:12:03
Message-ID: 29425.989176323@sss.pgh.pa.us
Lists: pgsql-hackers

Stephan Szabo <sszabo(at)megazone23(dot)bigpanda(dot)com> writes:
>> This is infeasible since we don't have a concept of per-row permissions.
>> It's all or nothing.

> Maybe make statistics readable only by superusers with a view that uses
> CURRENT_USER or something like that to only give the objects that
> have owners of this user? Might be an ugly view, but...

Hmm, that would work --- you could join against pg_class to find out the
owner of the relation. While you were at it, maybe look up the
attribute name in pg_attribute as well. Anyone want to propose a
specific view definition?

regards, tom lane
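
One possible shape for the view discussed above, as an added example that is not from this thread or from the PostgreSQL project. It assumes a current PostgreSQL catalog layout (`pg_namespace`, `stawidth`, `stadistinct`) and uses a hypothetical view name, `my_column_stats`; it must be created by a superuser so that the view's access to `pg_statistic` is checked against the view owner while `current_user` still resolves to the caller.

```sql
-- Added illustration; the view name my_column_stats is hypothetical.

-- Step 1: keep the raw catalog unreadable for ordinary roles
-- ("readable only by superusers" in the message above).
REVOKE ALL ON pg_catalog.pg_statistic FROM PUBLIC;

-- Step 2: expose only rows for relations owned by the calling user.
-- Table privileges are checked as the view owner (a superuser), but
-- current_user is evaluated for the role running the query.
CREATE VIEW my_column_stats AS
SELECT n.nspname     AS schemaname,
       c.relname     AS tablename,
       a.attname     AS attname,      -- name looked up in pg_attribute
       s.stanullfrac AS null_frac,
       s.stawidth    AS avg_width,
       s.stadistinct AS n_distinct
FROM pg_catalog.pg_statistic s
JOIN pg_catalog.pg_class     c ON c.oid = s.starelid
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
JOIN pg_catalog.pg_attribute a ON a.attrelid = s.starelid
                              AND a.attnum   = s.staattnum
WHERE NOT a.attisdropped
  -- owner of the relation, found by joining against pg_class
  AND pg_catalog.pg_get_userbyid(c.relowner) = current_user;

-- Step 3: everyone may query the filtered view.
GRANT SELECT ON my_column_stats TO PUBLIC;

-- Check as a non-superuser: only that role's own tables should appear.
-- SELECT DISTINCT schemaname, tablename FROM my_column_stats;
```

The value-bearing columns (`stavalues1` and its siblings) are left out of this sketch; only scalar summary columns are exposed.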
