Re: revoked permissions on table still allows users to see table's structure

From: Dinesh Bhandary <dbhandary(at)iii(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: revoked permissions on table still allows users to see table's structure
Date: 2011-07-22 18:09:45
Message-ID: 4E29BCE9.2010301@iii.com
Lists: pgsql-admin

We had the same problem, and we still do not have an elegant solution;
we have a workaround which I really don't like.

I agree with Juan - it is a limitation. I understand that you can solve
this problem outside of a database, but it will be nice to have a
strictly read only user who can just see data of the assigned objects
and nothing else.

Dinesh

On 7/22/2011 11:00 AM, Kevin Grittner wrote:
> "Juan Cuervo (Quality Telecom)"<juanrcuervo(at)quality-telecom(dot)net>
> wrote:
>
>> Imagine you own a software development company,
>
> Not too hard for me. Been there, done that.
>
>> and decides to base the company's product on Postgresql databases.
>> Such a company surely don't want to expose his database design to
>> its customers, but in some time might want to provide 'select'
>> access to some users, so they can pull data to external datamining
>> or data analysis tools, for example. If this is not possible in
>> postgresql right now, then all users with connect privilege will
>> be able to see not only the table's structure, but also the stored
>> procedures code, which in many cases, stores a business logic or
>> know-how.
>
> Imagine that the software is running on a machine under the client's
> control, where they have root access to the OS. They can then
> disassemble or debug through code to see how the encrypted procedure
> code is turned into something the database can compile, they can
> connect to the database as the superuser to view all details. The
> only protection provided by what you suggest is from those too inept
> to really pose a competitive threat. If you think some other
> product gives you protection beyond this, it is an illusion.
>
> The only way to protect your schema and logic from view is to offer
> "software as a service". While someone might still infer a lot
> about the structure of the data and the logic of the code from
> observing its displays and the procedures available to the user, you
> would have some insulation.
>
> -Kevin
>
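
The behaviour this thread is about, as an added example that is not part of the original messages: with every privilege on a table and a function revoked, a role can still read their definitions, because PostgreSQL leaves the system catalogs readable to all roles by default. The role and object names (report_ro, demo_schema, pricing, margin) are constructed for the demo; run it as a superuser, and the final ROLLBACK removes everything.

```sql
BEGIN;

-- Constructed demo objects (hypothetical names, not from the thread).
CREATE ROLE report_ro;
CREATE SCHEMA demo_schema;
CREATE TABLE demo_schema.pricing (
    sku    text PRIMARY KEY,
    cost   numeric(10,2),
    markup numeric(4,2)
);
CREATE FUNCTION demo_schema.margin(numeric, numeric) RETURNS numeric
    LANGUAGE sql AS 'SELECT $1 * $2';

-- Strip every object-level privilege the role could hold.
REVOKE ALL ON SCHEMA demo_schema FROM PUBLIC, report_ro;
REVOKE ALL ON TABLE demo_schema.pricing FROM PUBLIC, report_ro;
REVOKE ALL ON FUNCTION demo_schema.margin(numeric, numeric) FROM PUBLIC, report_ro;

-- Audit check, still as superuser: what the privilege system reports for the role.
SELECT has_schema_privilege('report_ro', 'demo_schema', 'USAGE')        AS schema_usage,
       has_table_privilege('report_ro', 'demo_schema.pricing', 'SELECT') AS table_select;

-- Everything below runs with the restricted role's rights.
SET LOCAL ROLE report_ro;

-- Table structure, read from pg_catalog rather than from the table itself.
SELECT a.attname, format_type(a.atttypid, a.atttypmod) AS data_type
FROM pg_catalog.pg_attribute a
JOIN pg_catalog.pg_class c     ON c.oid = a.attrelid
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'demo_schema'
  AND c.relname = 'pricing'
  AND a.attnum > 0
  AND NOT a.attisdropped
ORDER BY a.attnum;

-- Stored procedure source, read the same way.
SELECT p.proname, p.prosrc
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname = 'demo_schema';

ROLLBACK;
```

The two catalog queries are also a quick way to audit what a supposedly read-only account can learn about objects it has no privileges on.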
