Re: [ANNOUNCE] == PostgreSQL Weekly News - August 26 2007 ==

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom Lane wrote:
> Joseph S <jks(at)selectacast(dot)net> writes:
>>> Tom Lane committed:
>>> - Restrict pg_relation_size to relation owner, pg_database_size to DB
>>> owner, and pg_tablespace_size to superusers. Perhaps we could
>>> weaken the first case to just require SELECT privilege, but that
>>> doesn't work for the other cases, so use ownership as the common
>>> concept.
>>>
>> Is there going to be a way to turn this off easily?
>
> No. If you want to make an argument for weaker restrictions than these,
> argue away, but security restrictions that can be "easily turned off"
> are no security at all.

Sure, but you haven't made a security adjustment. You have made a
behavioral adjustment that is guaranteed to break remote applications.

Joshua D. Drake

>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: Don't 'kill -9' the postmaster
>

- --

=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240
PostgreSQL solutions since 1997 http://www.commandprompt.com/
UNIQUE NOT NULL
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL Replication: http://www.commandprompt.com/products/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG0vYlATb/zqfZUUQRAj+9AJ9Mz7tXXgrtibJMY/WLmL7x3wja3gCeP0Kw
gi91a+6oxgT+ziI9mwLHlfI=
=wxN+
-----END PGP SIGNATURE-----