From: | Andrew - Supernews <andrew+nonews(at)supernews(dot)com> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Views, views, views: Summary of Arguments |
Date: | 2005-05-13 17:43:11 |
Message-ID: | slrnd89ppf.129j.andrew+nonews@trinity.supernews.net |
Lists: | pgsql-hackers |

On 2005-05-13, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
> Josh Berkus wrote:
>><plug>Doesn't it seem like a really complete set of system views (based on
>>information_schema or otherwise) would potentially allow securing the
>>pg_catalog?</plug>
>
> Not really, no. It would just be one more thing that my hardening script
> had to remove permissions from.

It is specifically intended that you should not have to do that. The
precise qualification rules are not yet firmly defined, but if a
non-superuser can see anything in the views that does not relate to a
permission that was actually granted to them, then it is a bug. (Areas
which I expect to need some fine-tuning are: the schema contents view,
the rules and triggers views, and possibly some of the constraint info.)

> I still have an open mind about the sysviews project, but the more
> oversold, hyped and promoted with bogus arguments it gets the more
> skeptical I become.

I have to say that I find the arguments _against_ it just as bogus.
Most significantly, there is a lot of comment on what people _think_
we could do (or not do), and no comment about what we actually _did_.
I strongly suggest to anyone thinking of commenting on them that you
actually install them and look at them first - while the project is as
yet unfinished, and there is a lack of documentation and plenty of
rough edges (and quite likely some bugs too), it does actually work and
a number of people (some of whom have commented in this thread) have
already found it useful. Grab a copy of it from pgfoundry's CVS, go into
the sql/ directory and run ./build.sh yourdatabasename (as a superuser,
you can add options like -U if needed - the options to build.sh are just
passed on to psql).
--
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services
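
Added illustration, not part of the original message and not the sysviews project's own definitions: a sketch of the rule stated above, that a non-superuser should see a catalog row only when it relates to a privilege actually granted to them, together with a leak check. It assumes a current PostgreSQL run as a superuser; the names `demo_sysviews`, `demo_data`, `visible_tables` and `sv_probe` are hypothetical.

```sql
-- Hypothetical schema and view, built for this illustration only.
CREATE SCHEMA demo_sysviews;

-- Show a table only if the calling role has USAGE on its schema and holds
-- at least one privilege on the table. The two-argument privilege functions
-- evaluate against current_user, which inside a view is still the caller.
CREATE VIEW demo_sysviews.visible_tables AS
SELECT n.nspname                   AS schema_name,
       c.relname                   AS table_name,
       pg_get_userbyid(c.relowner) AS owner_name
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind = 'r'
  AND has_schema_privilege(n.oid, 'USAGE')
  AND (   has_table_privilege(c.oid, 'SELECT')
       OR has_table_privilege(c.oid, 'INSERT')
       OR has_table_privilege(c.oid, 'UPDATE')
       OR has_table_privilege(c.oid, 'DELETE'));

GRANT USAGE ON SCHEMA demo_sysviews TO PUBLIC;
GRANT SELECT ON demo_sysviews.visible_tables TO PUBLIC;

-- Constructed fixture: one table granted to the probe role, one not.
CREATE ROLE sv_probe NOLOGIN;
CREATE SCHEMA demo_data;
CREATE TABLE demo_data.granted (id int);
CREATE TABLE demo_data.hidden  (id int);
GRANT USAGE  ON SCHEMA demo_data   TO sv_probe;
GRANT SELECT ON demo_data.granted TO sv_probe;

SET ROLE sv_probe;

-- Baseline: the raw catalog is readable by default, so this query lists
-- every table in demo_data whether or not anything was granted on it.
SELECT c.relname
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'demo_data' AND c.relkind = 'r';

-- Leak check: any row returned here is a table the role can see through
-- the view without holding a privilege on it, i.e. a bug in the view.
SELECT schema_name, table_name
FROM demo_sysviews.visible_tables
WHERE schema_name = 'demo_data' AND table_name = 'hidden';

RESET ROLE;
```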