| From: | Stephan Szabo <sszabo(at)megazone23(dot)bigpanda(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Serguei Mokhov <sa_mokho(at)alcor(dot)concordia(dot)ca>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Isn't pg_statistic a security hole? |
| Date: | 2001-05-06 18:03:40 |
| Message-ID: | Pine.BSF.4.21.0105061101530.73009-100000@megazone23.bigpanda.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, 6 May 2001, Tom Lane wrote:
> "Serguei Mokhov" <sa_mokho(at)alcor(dot)concordia(dot)ca> writes:
> > Being a simple user, I still want to view the stats from the table,
> > but it should be limited only to the stuff I own. I don't wanna let
> > others see any of my info, however. The SU's, of course, should be
> > able to read all the stats.
>
> This is infeasible since we don't have a concept of per-row permissions.
> It's all or nothing.
Maybe make statistics readable only by superusers with a view that uses
CURRENT_USER or something like that to only give the objects that
have owners of this user? Might be an ugly view, but...
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Serguei Mokhov | 2001-05-06 18:15:52 | Fw: Isn't pg_statistic a security hole? |
| Previous Message | Lincoln Yeoh | 2001-05-06 17:56:18 | Re: Re: New Linux xfs/reiser file systems |