| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Rod Taylor <rbt(at)zort(dot)ca>, Hackers List <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Security Issue.. |
| Date: | 2002-04-15 02:33:31 |
| Message-ID: | 6169.1018838011@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> For instance, if you create a view
> CREATE VIEW bar AS SELECT * FROM foo;
> then the statement
> SELECT * FROM bar;
> needs privileges to read "foo".
This works just fine, thank you: the privileges are checked against the
owner of the view.
> The privileges would need to be changed
> to be checked at view creation time.
That would be broken; privileges are and must be checked at query
time not view creation time.
But having said that, I do not foresee being able to replace direct
pg_catalog access with INFORMATION_SCHEMA views anytime soon. There
are too many clients out there that are used to doing it that way.
Moreover, pg_dump will never be able to work off INFORMATION_SCHEMA,
because it needs to get at Postgres-specific information that will
not be available from a spec-compliant set of views. I'm fairly
dubious about converting psql, even.
Rod's welcome to work on developing a set of spec-compliant
INFORMATION_SCHEMA views ... and maybe he can even turn off public
read access to pg_catalog in his own installation ... but he should
not expect us to accept a patch that makes that the default anytime
in the foreseeable future.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-04-15 02:36:01 | Re: regexp character class locale awareness patch |
| Previous Message | Tatsuo Ishii | 2002-04-15 02:28:04 | Re: regexp character class locale awareness patch |