Re: strange permission error

From: Mr Dash Four <mr(dot)dash(dot)four(at)googlemail(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: strange permission error
Date: 2012-10-02 09:36:50
Message-ID: 506AB5B2.4090108@googlemail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general


> 'user: ' *is* text by default. I didn't notice you displaying
> your table definitions, but assuming u_name is TExT or VARCHAR(...)
> it should have worked without any explicit casts
u_name is a custom-defined type, consisting of user name (text/varchar),
a number (longint), host name (text/varchar) and the IP address used by
that user to log in, so yes, once I added explicit cast everything is
back to normal and functions properly.

> if you broke the permissions on the pg_catalog so badly that the SQL
> planner can't look up the data types of the fields of your own tables,
> well, thats just wrong.
What's the alternative? I am not willing to let an arbitrary program
using connection credentials, which have the ability to read my entire
system catalogue. What happens if that connection is hijacked by an
attacker? If they have access to that catalogue they would be able to
take a snapshot of my entire database structure and exploit it - I can't
allow that to happen and is the main reason I restricted access.

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Willy-Bas Loos 2012-10-02 13:01:08 insert ... returning in plpgsql
Previous Message Phoenix Kiula 2012-10-02 09:27:50 Re: Again, problem with pgbouncer