Re: Insufficient attention to security in contrib (mostly)

From: Dave Page <dpage(at)postgresql(dot)org>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Insufficient attention to security in contrib (mostly)
Date: 2007-08-28 15:36:04
Message-ID: 46D440E4.6030202@postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Tom Lane wrote:
> * no restriction on database-size function *when applied to the current
> database* (again, you could look into pg_class); to apply to some other
> database, you must have connect privileges. (Actually, on the
> assumption that you must have connect privs to current DB, I guess we
> could simplify that to connect privs on target DB, full stop.)

The latter would be preferrable for pgAdmin which queries database-level
info from the maintenance DB (usually postgres).

> * tablespace-size function requires being owner of current DB.

I assume superusers will also be able to use it, not just the actual owner?

/D

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2007-08-28 15:44:03 Re: FW: was [PERFORM] partitioned table and ORDER BY indexed_field DESC LIMIT 1
Previous Message Tom Lane 2007-08-28 15:25:01 Re: Insufficient attention to security in contrib (mostly)