Being a simple user, I still want
to view the stats from the table,
but it should be limited only
to the stuff I own. I don't wanna
let others see any of my info, however.
The SU's, of course, should be able to read
all the stats.
----- Original Message -----
From: Tom Lane <tgl@sss.pgh.pa.us>
To: <pgsql-hackers@postgresql.org>
Sent: Sunday, May 06, 2001 1:14 PM
Subject: [HACKERS] Isn't pg_statistic a security hole?
> Right now anyone can look in pg_statistic and discover the min/max/most
> common values of other people's tables. That's not a lot of info, but
> it might still be more than you want them to find out. And the
> statistical changes that I'm about to commit will allow a couple dozen
> values to be exposed, not only three values per column.
>
> It seems to me that only superusers should be allowed to read the
> pg_statistic table. Or am I overreacting? Comments?
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
