Skip site navigation (1) Skip section navigation (2)

FW: Increasing security in a shared environment ...

From: "Simon Riggs" <simon(at)2ndquadrant(dot)com>
To: "Marc G(dot) Fournier" <scrappy(at)postgresql(dot)org>,"Andrew Dunstan" <andrew(at)dunslane(dot)net>
Cc: <pgsql-hackers(at)postgresql(dot)org>
Subject: FW: Increasing security in a shared environment ...
Date: 2004-03-31 07:58:30
Message-ID: KGEFLMPJFBNNLNOOOPLGAEENCHAA.simon@2ndquadrant.com (view raw or flat)
Thread:
Lists: pgsql-hackers

>Marc G. Fournier wrote
> Does anyone know how ppl like Oracle handle this?  Are system catalogs
> like this open to all users?

The system catalogs for Oracle and most other systems I know of are
secure.

In both Oracle and Teradata the "system tables" are actually views,
which are actively granted access to users by the administrator. The
common set of views has a lookup in it to make sure only objects that
the user has *some* authority over are made available.

On Oracle, these are USER_ views, whereas the administrator has ALL_
views

These views look identical, so you can't even tell there's anything you
can't see.

I had been meaning to suggest that the rather useful \d commands in psql
make it through to wider use as system views...so now is a good time to
raise that suggestion. If they are worth having in psql, they are worth
giving to everyone and we can use that to implement security in just the
same way other systems already do.

Best Regards, Simon Riggs


pgsql-hackers by date

Next:From: vinayjDate: 2004-03-31 08:06:32
Subject: Create Type Problem
Previous:From: Fabien COELHODate: 2004-03-31 06:43:15
Subject: Re: with vs without oids in pg_catalog.*

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group