Re: lastval exposes information that currval does not

From: Phil Frost <indigo(at)bitglue(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: lastval exposes information that currval does not
Date: 2006-07-19 14:05:32
Message-ID: 20060719140532.GA29103@unununium.org
Lists: pgsql-hackers

On Wed, Jul 12, 2006 at 06:09:31PM -0400, Bruce Momjian wrote:
> Phil Frost wrote:
> > On Wed, Jul 12, 2006 at 11:37:37AM -0400, Bruce Momjian wrote:
> > >
> > > Updated text:
> > >
> > > For schemas, allows access to objects contained in the specified
> > > schema (assuming that the objects' own privilege requirements are
> > > also met). Essentially this allows the grantee to <quote>look up</>
> > > objects within the schema. Without this permission, it is still
> > > possible to see the object names by querying the system tables, but
> > > they cannot be accessed via SQL.
> >
> > No, this still misses the point entirely. See all my examples in this
> > thread for ways I have accessed objects without usage to their schema
> > with SQL.
>
> OK, well we are not putting a huge paragraph in there. Please suggest
> updated text.

Well, if you won't explain the whole situation, nor change it, then all
you can really say is it doesn't really work always. How about this:

For schemas, allows access to objects contained in the specified
schema. Note that the converse is not true in many cases: revoking
usage on a schema is not sufficient to prevent access in all cases.
There is precedent for new ways to bypass this check being added in
future releases. It would be unwise to give this privilege much
security value.
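
An audit query for the situation the proposed text describes, added here as an example; it is not part of the original message or of the PostgreSQL documentation. It lists relations on which a role holds object-level privileges while lacking USAGE on the containing schema, that is, objects whose only barrier is the schema check. The role name `app_role` is a placeholder assumption, and `has_sequence_privilege` assumes PostgreSQL 9.0 or later.

```sql
-- Relations that 'app_role' (placeholder role name) could use if the
-- schema USAGE check were bypassed: the role has privileges on the
-- object itself but no USAGE on its schema.
SELECT n.nspname AS schema_name,
       c.relname AS object_name,
       CASE c.relkind
            WHEN 'r' THEN 'table'
            WHEN 'v' THEN 'view'
            WHEN 'S' THEN 'sequence'
       END       AS object_type
FROM   pg_catalog.pg_class     c
JOIN   pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE  c.relkind IN ('r', 'v', 'S')
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema')
  -- the schema-level check is the only thing in the way ...
  AND  NOT has_schema_privilege('app_role', n.oid, 'USAGE')
  -- ... because the object's own ACL already lets the role in
  AND  CASE
         WHEN c.relkind = 'S' THEN
              has_sequence_privilege('app_role', c.oid,
                                     'USAGE, SELECT, UPDATE')
         ELSE
              has_table_privilege('app_role', c.oid,
                                  'SELECT, INSERT, UPDATE, DELETE')
       END
ORDER  BY n.nspname, c.relname;
```

Each row returned is an object to lock down with a `REVOKE` on the object itself rather than on its schema alone.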
