| From: | "Simon Riggs" <simon(at)2ndquadrant(dot)com> |
|---|---|
| To: | "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>, "Andrew Dunstan" <andrew(at)dunslane(dot)net> |
| Cc: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | FW: Increasing security in a shared environment ... |
| Date: | 2004-03-31 07:58:30 |
| Message-ID: | KGEFLMPJFBNNLNOOOPLGAEENCHAA.simon@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>Marc G. Fournier wrote
> Does anyone know how ppl like Oracle handle this? Are system catalogs
> like this open to all users?
The system catalogs for Oracle and most other systems I know of are
secure.
In both Oracle and Teradata the "system tables" are actually views,
which are actively granted access to users by the administrator. The
common set of views has a lookup in it to make sure only objects that
the user has *some* authority over are made available.
On Oracle, these are USER_ views, whereas the administrator has ALL_
views
These views look identical, so you can't even tell there's anything you
can't see.
I had been meaning to suggest that the rather useful \d commands in psql
make it through to wider use as system views...so now is a good time to
raise that suggestion. If they are worth having in psql, they are worth
giving to everyone and we can use that to implement security in just the
same way other systems already do.
Best Regards, Simon Riggs
| From | Date | Subject | |
|---|---|---|---|
| Next Message | vinayj | 2004-03-31 08:06:32 | Create Type Problem |
| Previous Message | Fabien COELHO | 2004-03-31 06:43:15 | Re: with vs without oids in pg_catalog.* |