| From: | Andreas Joseph Krogh <andreas(at)visena(dot)com> |
|---|---|
| To: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC |
| Date: | 2024-09-12 13:21:49 |
| Message-ID: | VisenaEmail.21.e9d63efdf68bfe51.191e663ceda@origo-test01.app.internal.visena.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
På torsdag 12. september 2024 kl. 15:05:48, skrev Greg Sabino Mullane <
htamfids(at)gmail(dot)com <mailto:htamfids(at)gmail(dot)com>>:
On Thu, Sep 12, 2024 at 12:52 AM Andreas Joseph Krogh <andreas(at)visena(dot)com
<mailto:andreas(at)visena(dot)com>> wrote:
I know PG is not designed for this, but I have this requirement nonetheless…
I think preventing “most users and tools" from seeing/presenting this
information is “good enough”.
As pointed out, there are very many workarounds. This is security theater.
Yes, it is theater, but that doesn't prevent “compliance people” to care about
it. We have to take measures to prevent “information leaks”.
--
Andreas Joseph Krogh
CTO / Partner - Visena AS
Mobile: +47 909 56 963
andreas(at)visena(dot)com <mailto:andreas(at)visena(dot)com>
www.visena.com <https://www.visena.com>
<https://www.visena.com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dominique Devienne | 2024-09-12 13:45:01 | Re: Backward compat issue with v16 around ROLEs |
| Previous Message | Sanjay Minni | 2024-09-12 13:19:07 | RLS and Table Inheritance |