| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Antonin Houska <ah(at)cybertec(dot)at>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Incorrect comment on pg_shadow view |
| Date: | 2024-10-18 14:22:32 |
| Message-ID: | 868678.1729261352@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>> On 18 Oct 2024, at 13:50, Antonin Houska <ah(at)cybertec(dot)at> wrote:
>> Attached is a proposal to fix a comment in pg_authid.h. pg_shadow is not (and
>> obviously should not be) accessible by public:
> - * pg_shadow and pg_group are now publicly accessible views on pg_authid.
> + * pg_shadow and pg_group are now views on pg_authid.
> I'm no native speaker but I don't interpret "publicly accessible" as readable
> by the public role, rather that they are accessible via a user interface (in
> this case SQL).
I think Antonin is right. pg_authid is just as accessible from SQL as
these views are. Also note the phrasing in the SGML documentation of
pg_shadow [1]:
The name stems from the fact that this table should not be
readable by the public since it contains passwords. pg_user is a
publicly readable view on pg_shadow that blanks out the password
field.
regards, tom lane
[1] https://www.postgresql.org/docs/devel/view-pg-shadow.html
| From | Date | Subject | |
|---|---|---|---|
| Previous Message | Aleksander Alekseev | 2024-10-18 14:20:42 | Re: [PATCH] Add get_bytes() and set_bytes() functions |