Re: security flaw - Mailing list pgsql-hackers

From Christopher Kings-Lynne
Subject Re: security flaw
Date
Msg-id 08f401c333c6$5fe54cf0$6500a8c0@fhp.internal
In response to Re: security flaw  ("scott.marlowe" <scott.marlowe@ihs.com>)
List pgsql-hackers
> Since schemas provide a simple way to limit your own view, they provide
> for that function.
>
> Can phppgadmin be programmed to only use certain search paths in the
> schema?

Not at the moment. The only control you have is 'show only owned databases'.
'Show only owned schemas' is also quite easy.  Even better would be if I
filtered the list of schemas by 'has_object_privilege(schemaoid, 'USAGE')'
or however that function works.

The general philosophy of phpPgAdmin is to allow everything that PostgreSQL
allows and don't try to be clever about restricting things because such
restrictions are pure fantasy since we let people execute whatever SQL they
want.

Chris
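
An added example of the schema filter discussed above; it is not part of the original message and not phpPgAdmin code. It assumes a current PostgreSQL server, where the built-in check for schemas is `has_schema_privilege(schema, privilege)`; the column aliases are illustrative.

```sql
-- List the schemas the connected role can actually use, and flag which of
-- them it owns, so "show only owned" and "show only usable" can be compared.
SELECT n.nspname                                    AS schema_name,
       pg_get_userbyid(n.nspowner)                  AS owner,
       (pg_get_userbyid(n.nspowner) = current_user) AS owned_by_me,
       has_schema_privilege(n.oid, 'CREATE')        AS can_create
FROM   pg_catalog.pg_namespace AS n
WHERE  has_schema_privilege(n.oid, 'USAGE')   -- privilege check for current_user
  AND  n.nspname !~ '^pg_'                    -- hide system and temp schemas
  AND  n.nspname <> 'information_schema'
ORDER  BY n.nspname;
```

This only narrows what a client displays. Any role that can run SQL can still read `pg_namespace` directly, so access control has to come from the privileges granted in the database itself.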


