FW: Increasing security in a shared environment ...

From: "Simon Riggs" <simon(at)2ndquadrant(dot)com>
To: "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>, "Andrew Dunstan" <andrew(at)dunslane(dot)net>
Cc: <pgsql-hackers(at)postgresql(dot)org>
Subject: FW: Increasing security in a shared environment ...
Date: 2004-03-31 07:58:30
Message-ID: KGEFLMPJFBNNLNOOOPLGAEENCHAA.simon@2ndquadrant.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

>Marc G. Fournier wrote
> Does anyone know how ppl like Oracle handle this? Are system catalogs
> like this open to all users?

The system catalogs for Oracle and most other systems I know of are
secure.

In both Oracle and Teradata the "system tables" are actually views,
which are actively granted access to users by the administrator. The
common set of views has a lookup in it to make sure only objects that
the user has *some* authority over are made available.

On Oracle, these are USER_ views, whereas the administrator has ALL_
views

These views look identical, so you can't even tell there's anything you
can't see.

I had been meaning to suggest that the rather useful \d commands in psql
make it through to wider use as system views...so now is a good time to
raise that suggestion. If they are worth having in psql, they are worth
giving to everyone and we can use that to implement security in just the
same way other systems already do.

Best Regards, Simon Riggs

Browse pgsql-hackers by date

  From Date Subject
Next Message vinayj 2004-03-31 08:06:32 Create Type Problem
Previous Message Fabien COELHO 2004-03-31 06:43:15 Re: with vs without oids in pg_catalog.*