> Right now anyone can look in pg_statistic and discover the min/max/most
> common values of other people's tables. That's not a lot of info, but
> it might still be more than you want them to find out. And the
> statistical changes that I'm about to commit will allow a couple dozen
> values to be exposed, not only three values per column.
>
> It seems to me that only superusers should be allowed to read the
> pg_statistic table. Or am I overreacting? Comments?
You are not overreacting. Imagine a salary column. I can imagine
max/min being quite interesting.
I doubt it is worth letting non-super users see values in that table.
Their only value is in debugging the optimizer, which seems like a
super-user job anyway.
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill,
Pennsylvania19026
