| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Merlin Moncure <merlin(dot)moncure(at)rcsonline(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Views, views, views: Summary of Arguments |
| Date: | 2005-05-13 15:01:09 |
| Message-ID: | 4284C135.4080507@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
>"Merlin Moncure" <merlin(dot)moncure(at)rcsonline(dot)com> writes:
>
>
>>However, I think PostgreSQL has a fairly serious security problem in
>>that the system catalogs are open to the public. I don't seem to be
>>winning many supporters on this particular point though.
>>
>>
>
>No, you're not, and it's not like we've never heard this argument
>before.
>
>Just upthread there were several complaints about the information_schema
>being too restrictive to be useful --- I think we'd get a whole lot more
>of that if we tried to prevent direct examination of the catalogs.
>
>
>
>
There is a case for a facility to "harden" postgres. My experiments some
time ago show you can pretty much hide everything without breaking
anything badly if you're careful. I have it on my personal TODO list to
complete a hardening script - although I have no idea when I'll get to it.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Merlin Moncure | 2005-05-13 15:23:57 | Re: Views, views, views: Summary of Arguments |
| Previous Message | Tom Lane | 2005-05-13 14:43:14 | Re: Views, views, views: Summary of Arguments |