From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | Josh Berkus <josh(at)agliodbs(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Views, views, views: Summary of Arguments |
Date: | 2005-05-13 16:58:25 |
Message-ID: | 4284DCB1.5060407@dunslane.net |
Lists: | pgsql-hackers |
Josh Berkus wrote:
>Andrew, Merlin,
>
>>My approach was to remove all significant permissions (including on the
>>catalog) from public and regrant them to a pseudopublic group,
>>comprising designated users. The designated users would notice no
>>difference at all, while everyone else would be able to see only what
>>was explicitly granted to them. But there would be lots of testing and
>>thinking to be done before releasing it into the wild :-)
>
><plug>Doesn't it seem like a really complete set of system views (based on
>information_schema or otherwise) would potentially allow securing the
>pg_catalog?</plug>
>
Not really, no. It would just be one more thing that my hardening script
had to remove permissions from.

I still have an open mind about the sysviews project, but the more
oversold, hyped and promoted with bogus arguments it gets the more
skeptical I become.

cheers

andrew
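The approach quoted above (revoke from PUBLIC, regrant to a group of designated users), as an added example that is not Andrew Dunstan's hardening script and not part of the original message. It covers only table and view privileges in the system schemas, assumes a current PostgreSQL release and a superuser session, and the role names `pseudopublic` and `app_user` are hypothetical.

```sql
-- Added illustration, not code from the thread.
-- Role names "pseudopublic" and "app_user" are hypothetical.
-- Everything runs in one transaction so the result can be inspected and discarded.
BEGIN;

CREATE ROLE pseudopublic NOLOGIN;   -- the group that stands in for PUBLIC
CREATE ROLE app_user LOGIN;         -- a designated user (constructed for the example)
GRANT pseudopublic TO app_user;

DO $$
DECLARE
    rel record;
BEGIN
    -- Collect exactly the privileges PUBLIC holds today on each system
    -- table or view, so the group receives nothing PUBLIC did not have
    -- (pg_authid, for instance, stays closed).
    FOR rel IN
        SELECT c.oid::regclass AS name,
               string_agg(a.privilege_type, ', ') AS privs
        FROM pg_class c
        JOIN pg_namespace n ON n.oid = c.relnamespace
        CROSS JOIN LATERAL aclexplode(c.relacl) AS a
        WHERE n.nspname IN ('pg_catalog', 'information_schema')
          AND c.relkind IN ('r', 'v')
          AND a.grantee = 0          -- grantee OID 0 means PUBLIC
        GROUP BY c.oid
    LOOP
        EXECUTE format('REVOKE ALL ON %s FROM PUBLIC', rel.name);
        EXECUTE format('GRANT %s ON %s TO pseudopublic', rel.privs, rel.name);
    END LOOP;
END
$$;

-- Check: no system table or view should still list PUBLIC as a grantee.
SELECT count(*) AS relations_still_open_to_public
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN LATERAL aclexplode(c.relacl) AS a
WHERE n.nspname IN ('pg_catalog', 'information_schema')
  AND c.relkind IN ('r', 'v')
  AND a.grantee = 0;

ROLLBACK;   -- switch to COMMIT only after testing clients as a non-member role
```

Function EXECUTE privileges, schema USAGE and column-level grants are outside what this block touches and would need the same treatment in a full hardening pass.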