Skip site navigation (1) Skip section navigation (2)

Re: Tablespace patch review

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andreas Pflug <pgadmin(at)pse-consulting(dot)de>
Cc: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>,Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>,PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Tablespace patch review
Date: 2004-06-19 00:01:17
Message-ID: 4931.1087603277@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Andreas Pflug <pgadmin(at)pse-consulting(dot)de> writes:
> Tom Lane wrote:
>> As for the authentication-is-expensive issue, what of it?  You *should*
>> have to authenticate yourself in order to look inside another person's
>> database.  The sort of cross-database inspection being proposed here
>> would be a big security hole in many people's view.
>> 
> Accessing pg_class et al using the current sysuseid with acl checking 
> should be ok and satisfy security demands, no?

No.  If the other user has you locked out from connecting to his
database at all, he's probably not going to feel that he should have to
disable your access to individual objects inside it.

This has some connections to the discussions we periodically have about
preventing Joe User from looking at the system catalogs.  If we make any
changes in this area at all, I would expect them to be in the direction
of narrowing access, not widening it to include being able to see
other databases' catalogs.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2004-06-19 00:05:41
Subject: Re: Tablespace patch review
Previous:From: Andreas PflugDate: 2004-06-18 23:49:37
Subject: Re: Tablespace patch review

pgsql-patches by date

Next:From: Bruce MomjianDate: 2004-06-19 00:05:41
Subject: Re: Tablespace patch review
Previous:From: Andreas PflugDate: 2004-06-18 23:49:37
Subject: Re: Tablespace patch review

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group