| From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | olly(at)lfix(dot)co(dot)uk (Oliver Elphick) |
| Cc: | pgsql-hackers(at)hub(dot)org |
| Subject: | Re: [HACKERS] Here it is - view permissions |
| Date: | 1998-02-23 22:35:09 |
| Message-ID: | 199802232235.RAA08178@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>
> Bruce Momjian wrote:
> >All tables are created with default permissions for SELECT to PUBLIC, so
> >views are no different.
>
> Is this not contrary to the SQL standard? I understood that SQL tables
> are created with permissions for their creator only; any permissions for
> other users must be granted explicitly. According to "SQL The Standard
> Handbook" (Cannan & Otten, 1993), the owner of the schema in which a table
> is created is given a full set of privileges, and no other user can access
Will be the default in 6.3, I think.
> the table or even discover that it exists!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Not in 6.3, or maybe ever. Too much OO stuff for that, I think.
>
> It certainly seems undesirable to give automatic access to data of unknown
> sensitivity. Surely the default permission should be for the table's
> creator alone or for the owner of the PostgreSQL database (which I suppose
> is equivalent to the `schema').
>
> I see that Jan Wieck has posted a method for preventing world readability;
> perhaps this should just be flagged as a configurable option.
--
Bruce Momjian | 830 Blythe Avenue
maillist(at)candle(dot)pha(dot)pa(dot)us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Brett McCormick | 1998-02-23 23:06:32 | Re: [HACKERS] Here it is - view permissions |
| Previous Message | Jan Wieck | 1998-02-23 22:27:59 | Re: [HACKERS] Here it is - view permissions |