From: | "Merlin Moncure" <merlin(dot)moncure(at)rcsonline(dot)com> |
---|---|
To: | "Andrew Dunstan" <andrew(at)dunslane(dot)net> |
Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Views, views, views: Summary of Arguments |
Date: | 2005-05-13 15:23:57 |
Message-ID: | 6EE64EF3AB31D5448D0007DD34EEB3415C2851@Herge.rcsinc.local |
Lists: | pgsql-hackers |
Andrew Dunstan wrote:
> Tom Lane wrote:
> >"Merlin Moncure" <merlin(dot)moncure(at)rcsonline(dot)com> writes:
> >>However, I think PostgreSQL has a fairly serious security problem in
> >>that the system catalogs are open to the public. I don't seem to be
> >>winning many supporters on this particular point though.
> >
> >No, you're not, and it's not like we've never heard this argument
> >before.
> >
> >Just upthread there were several complaints about the information_schema
> >being too restrictive to be useful --- I think we'd get a whole lot more
> >of that if we tried to prevent direct examination of the catalogs.
>
> There is a case for a facility to "harden" postgres. My experiments some
> time ago show you can pretty much hide everything without breaking
> anything badly if you're careful. I have it on my personal TODO list to
> complete a hardening script - although I have no idea when I'll get to it.
:-). I tried it from that angle and could only come up with two modes:
'pgadmin on' and 'pgadmin off' (per user). If you can do better, I'd be
thrilled. I also don't want to overblow my own argument...the database
can be secured quite effectively if you know what to do. It would just
be nice to have a little flexibility.

I suppose a hardening script, internal or external to the project, is a
reasonable way of addressing my security concerns, if not superior.

Merlin
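As an added illustration of the "pgadmin on / pgadmin off" split described in the message above (this is not code from the thread or from the PostgreSQL project), the following script revokes direct catalog access from PUBLIC and hands it back through a single role. It targets current PostgreSQL; the role names catalog_reader, dba and app_user are assumed for illustration. Catalog ACLs are per database, so it must be run as a superuser in each database to be hardened (and in template1 if new databases should inherit it).

```sql
-- Added example, not from the thread or the PostgreSQL project.
-- Role names (catalog_reader, dba, app_user) are assumed. Run as superuser.

BEGIN;

CREATE ROLE catalog_reader NOLOGIN;               -- holders are "pgadmin on"
CREATE ROLE dba LOGIN PASSWORD 'change-me';       -- a DBA who keeps catalog access
CREATE ROLE app_user LOGIN PASSWORD 'change-me';  -- an ordinary "pgadmin off" user

-- Catalogs that describe the shape of the database. The parser, planner and
-- executor look these up internally without SQL-level ACL checks, so revoking
-- SELECT does not break ordinary queries; it does break anything that reads
-- the catalogs as SQL (psql's \d commands, pgAdmin's browser, ORM
-- introspection) for users who do not hold catalog_reader.
-- pg_type is deliberately left readable: some client drivers query it to map
-- type OIDs, and hiding it breaks connections rather than just browsing.
REVOKE SELECT ON
    pg_catalog.pg_class,
    pg_catalog.pg_attribute,
    pg_catalog.pg_namespace,
    pg_catalog.pg_proc,
    pg_catalog.pg_constraint,
    pg_catalog.pg_index,
    pg_catalog.pg_trigger,
    pg_catalog.pg_description
FROM PUBLIC;

-- information_schema views are owned by the bootstrap superuser and their
-- catalog reads are checked with the owner's privileges, so they keep working
-- after the REVOKE above. Revoke them too if they are to be hidden as well.
REVOKE SELECT ON
    information_schema.tables,
    information_schema.columns,
    information_schema.routines
FROM PUBLIC;

-- Hand everything back through one role ("pgadmin on").
GRANT SELECT ON
    pg_catalog.pg_class,
    pg_catalog.pg_attribute,
    pg_catalog.pg_namespace,
    pg_catalog.pg_proc,
    pg_catalog.pg_constraint,
    pg_catalog.pg_index,
    pg_catalog.pg_trigger,
    pg_catalog.pg_description,
    information_schema.tables,
    information_schema.columns,
    information_schema.routines
TO catalog_reader;

GRANT catalog_reader TO dba;

COMMIT;

-- Check: which roles can still read the catalogs. has_table_privilege()
-- follows role membership, so dba is covered via catalog_reader.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'pg_catalog.pg_class', 'SELECT')
           AS sees_pg_class,
       has_table_privilege(r.rolname, 'information_schema.tables', 'SELECT')
           AS sees_info_schema
FROM pg_roles r
WHERE r.rolname IN ('dba', 'app_user')
ORDER BY r.rolname;
```

After the script runs, the check query reports both columns true for dba and false for app_user; connected as app_user, a direct `SELECT relname FROM pg_class` is refused with a permission-denied error, while queries against tables app_user is granted privileges on are unaffected. Superusers bypass ACLs entirely, so they are never affected by this script, and the same two outcomes are all it can express: a user either holds catalog_reader or does not, which is exactly the two-mode limitation the message above describes.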