From: | "Andrew Dunstan" <andrew(at)dunslane(dot)net> |
---|---|
To: | <mgill(at)pointdx(dot)com> |
Cc: | <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Restrict users from describing table |
Date: | 2004-01-04 01:18:43 |
Message-ID: | 4433.24.211.141.25.1073179123.squirrel@www.dunslane.net |
Lists: | pgsql-hackers |

Michael Gill said:
> Hello,
>
> I've tried asking this question elsewhere and have not received a
> satisfactory response.
>
> I want to restrict users of my packaged database from directly
> accessing the data or reading the schema. I would provide access to
> the read-only data through functions (which works well in PG). I find
> that \d will expose the structure even though the user can't select:
>
> movies=> \d codeset.first_table
> Table "codeset.first_table"
> Column | Type | Modifiers
> --------+---------+-----------
> col1 | integer |
> col2 | integer |
>
> movies=> select * from codeset.first_table;
> ERROR: permission denied for schema codeset
>
> Is there any way to hide the structure from a particular user? I can't
> use PostgreSQL if I can't encapsulate our intellectual property.
>

How will purchasers of your product run pg_dump if the superuser can't get
at the database schema?

The only way I can see to do this in general is some sort of filter layer
between the database and the user.

I'm mildly dubious of the IP value of a database schema, I must confess. I
guess you could also play funny games with the column and table names to
obscure the semantics, at the obvious cost of a maintenance nightmare.

cheers

andrew
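
An added example, not part of the original message: the setup described in the thread, written in current PostgreSQL syntax, followed by the catalog lookup that keeps the column list visible to a role with no access to the schema. The role `app_user` and the function `public.get_first_table()` are hypothetical names, and the rows are constructed sample data; psql's `\d` reads the same `pg_catalog` tables.

```sql
-- Constructed setup mirroring the thread: schema codeset, table first_table.
-- Run as the database owner or a superuser.
CREATE ROLE app_user LOGIN;              -- hypothetical restricted role
CREATE SCHEMA codeset;
CREATE TABLE codeset.first_table (col1 integer, col2 integer);
INSERT INTO codeset.first_table VALUES (1, 10), (2, 20);  -- constructed rows

-- app_user gets neither USAGE on the schema nor SELECT on the table.
REVOKE ALL ON SCHEMA codeset FROM PUBLIC;
REVOKE ALL ON codeset.first_table FROM PUBLIC;

-- Read-only access through a function that runs with its owner's rights.
-- The pinned search_path keeps the function from resolving names in a
-- schema the caller controls.
CREATE FUNCTION public.get_first_table()
RETURNS TABLE (col1 integer, col2 integer)
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$ SELECT t.col1, t.col2 FROM codeset.first_table AS t $$;

REVOKE ALL ON FUNCTION public.get_first_table() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION public.get_first_table() TO app_user;

-- Switch to the restricted role to see what it can and cannot do.
SET ROLE app_user;

SELECT * FROM public.get_first_table();  -- allowed: data via the function
-- SELECT * FROM codeset.first_table;    -- ERROR: permission denied for schema codeset

-- The system catalogs are readable by every role by default, so the
-- structure is still visible. This is the kind of query \d issues.
SELECT a.attname,
       pg_catalog.format_type(a.atttypid, a.atttypmod) AS type
FROM pg_catalog.pg_attribute AS a
JOIN pg_catalog.pg_class     AS c ON c.oid = a.attrelid
JOIN pg_catalog.pg_namespace AS n ON n.oid = c.relnamespace
WHERE n.nspname = 'codeset'
  AND c.relname = 'first_table'
  AND a.attnum > 0
  AND NOT a.attisdropped
ORDER BY a.attnum;

RESET ROLE;
```

Schema and table privileges govern access to the rows, not to the catalog entries that describe the table, which is why the reply points to a filter layer between the database and the user.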