Home > mailing lists

Re: Security Issue.. - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: Security Issue..
Date	April 15, 2002 00:34:38
Msg-id	200204150133.g3F1XcJ09706@candle.pha.pa.us Whole thread Raw
In response to	Security Issue.. ("Rod Taylor" <rbt@zort.ca>)
List	pgsql-hackers

Tree view

Rod Taylor wrote:
> I'm running into a minor issue with security in regards to users being
> able to see constructs that they have no access too.
> 
> The solution?  Information_Schema coupled with no direct access to
> pg_catalog.  Internals can use pg_catalog, possibly super users, but
> regular users shouldn't be able to do any reads / writes to it
> directly -- as per spec with definition_schema.

Is the problem that people can see system catalog columns that should be
more secure?

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026

pgsql-hackers by date:

From: "Rod Taylor"
Date: 15 April 2002, 00:26:47
Subject: Security Issue..

From: Peter Eisentraut
Date: 15 April 2002, 00:40:24
Subject: Re: Security Issue..

Re: Security Issue.. - Mailing list pgsql-hackers

Previous

Next