| From: | Decibel! <decibel(at)decibel(dot)org> |
|---|---|
| To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Problem with recent permission changes commits |
| Date: | 2007-08-27 19:35:37 |
| Message-ID: | 20070827193537.GL54309@nasby.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Aug 27, 2007 at 11:59:05AM -0700, Joshua D. Drake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Decibel! wrote:
> > On Mon, Aug 27, 2007 at 08:08:34AM -0700, Joshua D. Drake wrote:
>
> >> This is a problem. Our analytics software purposefully does not use a
> >> super user, you are going to force the use of superusers with admin and
> >> monitoring tools.
> >
> > Well, you could always create a wrapper function that is SECURITY
> > DEFINER...
>
> Well from my perspective, it is nice that we don't have to install
> anything except a non privileged user to get what we need.
>
> Really, if we change this we might as well also block all access to
> information_schema, the net effect is the same.
Info_schema should be checking permissions the same as, say, \d does.
What I think we *really* need is a set of views for people to use that
have appropriate security, instead of using pg_catalog directly.
--
Decibel!, aka Jim Nasby decibel(at)decibel(dot)org
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-08-27 19:45:02 | Re: Insufficient attention to security in contrib (mostly) |
| Previous Message | Josh Berkus | 2007-08-27 19:22:45 | Re: Insufficient attention to security in contrib (mostly) |