| From: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> |
|---|---|
| To: | "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com>, <ohp(at)pyrenet(dot)fr> |
| Cc: | "pgsql-hackers list" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: security flaw |
| Date: | 2003-06-16 05:15:56 |
| Message-ID: | 08f401c333c6$5fe54cf0$6500a8c0@fhp.internal |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Since schemas provide a simple way to limit your own view, they provide
> for that function.
>
> Can phppgadmin be programmed to only use certain search paths in the
> schema?
Not at the moment. The only control you have is 'show only owned databases'.
'Show only owned schemas' is also quite easy. Even better would be if I
filtered the list of schemas by 'has_object_privilege(schemaoid, 'USAGE')'
or however that function works.
The general philosophy of phpPgAdmin is to allow everything that PostgreSQL
allows and don't try to be clever about restricting things because such
restrictions are pure fantasy since we let people execute whatever SQL they
want.
Chris
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2003-06-16 05:17:21 | Re: Groups and roles |
| Previous Message | Bruce Momjian | 2003-06-16 05:07:59 | Re: ECPG CVS version problems |