| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Joseph S <jks(at)selectacast(dot)net> |
| Cc: | pgsql general list <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: [ANNOUNCE] == PostgreSQL Weekly News - August 26 2007 == |
| Date: | 2007-08-27 15:40:18 |
| Message-ID: | 1100.1188229218@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-announce pgsql-general |
Joseph S <jks(at)selectacast(dot)net> writes:
>> Tom Lane committed:
>> - Restrict pg_relation_size to relation owner, pg_database_size to DB
>> owner, and pg_tablespace_size to superusers. Perhaps we could
>> weaken the first case to just require SELECT privilege, but that
>> doesn't work for the other cases, so use ownership as the common
>> concept.
>>
> Is there going to be a way to turn this off easily?
No. If you want to make an argument for weaker restrictions than these,
argue away, but security restrictions that can be "easily turned off"
are no security at all.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2007-08-27 16:04:53 | Re: [ANNOUNCE] == PostgreSQL Weekly News - August 26 2007 == |
| Previous Message | Joseph S | 2007-08-27 13:28:40 | Re: [ANNOUNCE] == PostgreSQL Weekly News - August 26 2007 == |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Trevor Talbot | 2007-08-27 15:48:19 | Re: [HACKERS] Undetected corruption of table files |
| Previous Message | Tom Lane | 2007-08-27 15:37:44 | Re: Out of Memory - 8.2.4 |