| From: | Dinesh Bhandary <dbhandary(at)iii(dot)com> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: revoked permissions on table still allows users to see table's structure |
| Date: | 2011-07-22 18:09:45 |
| Message-ID: | 4E29BCE9.2010301@iii.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
We had the same problem, and we still do not have an elegant solution,
we have a workaround which I really don't like.
I agree with Juan - it is a limitation. I understand that you can solve
this problem outside of a database, but it will be nice to have a
strictly read only user who can just see data of the assigned objects
and nothing else.
Dinesh
O-+n 7/22/2011 11:00 AM, Kevin Grittner wrote:
> "Juan Cuervo (Quality Telecom)"<juanrcuervo(at)quality-telecom(dot)net>
> wrote:
>
>> Imagine you own a software development company,
>
> Not too hard for me. Been there, done that.
>
>> and decides to base the company's product on Postgresql databases.
>> Such a company surely dont want to expose his database design to
>> its customers, but in some time might want to provide 'select'
>> access to some users, so they can pull data to external datamining
>> or data analisys tools, for example. If this is not possible in
>> postgresql right now, then all users with connect privilege will
>> be able to see not only the table's structure, but also the stored
>> procedures code, wich in many cases, stores a business logic or
>> know-how.
>
> Imagine that the software is running on a machine under the client's
> control, where they have root access to the OS. They can then
> disassemble or debug through code to see how the encrypted procedure
> code is turned into something the database can compile, they can
> connect to the database as the superuser to view all details. The
> only protection provided by what you suggest is from those too inept
> to really pose a competitive threat. If you think some other
> product gives you protection beyond this, it is an illusion.
>
> The only way to protect your schema and logic from view is to offer
> "software as a service". While someone might still infer a lot
> about the structure of the data and the logic of the code from
> observing its displays and the procedures available to the user, you
> would have some insulation.
>
> -Kevin
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Scott Ribe | 2011-07-22 18:21:48 | Re: revoked permissions on table still allows users to see table's structure |
| Previous Message | Igor Neyman | 2011-07-22 18:09:07 | Re: revoked permissions on table still allows users to see table's structure |