Josh Berkus <josh@agliodbs.com> writes:
> Hmmm ... execept we're not requiring even permission on *one* DB in the
> tablespace are we?
The status-quo-ante was that any user could get the number for any
database and/or any tablespace. I'm prepared to admit that what I
committed is too strong, but no restriction at all still seems too weak.
> How difficult would it be to require
> that the requestor have CONNECT on at least one DB in the tablespace?
... in particular, that restriction seems pretty content-free for most
practical layouts. And it's got interesting security behaviors:
DBA A, by more-or-less innocently allowing some tables in his database B
to be created in tablespace C, might be allowing his unrelated user D to
find out info about some other database E that shares use of C. I'd
like there to have to be some direct, intended connection of D to E
before D can measure E's size ...
regards, tom lane
