| From: | Andrew - Supernews <andrew+nonews(at)supernews(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Catalog Security WAS: Views, views, views: Summary of Arguments |
| Date: | 2005-05-13 17:50:56 |
| Message-ID: | slrnd89q80.129j.andrew+nonews@trinity.supernews.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2005-05-13, Josh Berkus <josh(at)agliodbs(dot)com> wrote:
> Andrew,
>> It might be safer, but that doesn't hit my target at all. I am aiming at
>> a zero-knowledge user, i.e. one who cannot discover anything at all
>> about the db. The idea is that even if subvert can subvert a client and
>> get access to the db the amount of metadata they can discover is as
>> close to zero as possible.
>
> Yeah, I can see that. I've personally had this concern about our PG
> installation on the web server, and as you know about pgFoundry as well,
> especially since GForge does not use good user security.
>
> However, I see 2 seperate cases here:
>
> 1) The "ISP" case, where you want to hide all catalog information from the
> users except the database owner or superuser.
I don't believe this is ever feasible in practice, since client interfaces
at any level higher than libpq will need to access metadata corresponding
to the data they are retrieving.
--
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Josh Berkus | 2005-05-13 18:06:03 | Re: Fix PID file location? |
| Previous Message | Andrew - Supernews | 2005-05-13 17:43:11 | Re: Views, views, views: Summary of Arguments |