On Thu, Oct 10, 2002 at 08:42:32AM -0400, Robert Treat wrote:
> On Wednesday 09 October 2002 08:29 pm, Martijn van Oosterhout wrote:
> > If you prevented SELECT access to the system tables, that would mean they
> > couldn't execute queries, since the parser needs to access system tables to
> > work out what fields are in tables, what indexes are available and such
> > things.
> >
> > What are you trying to achieve?
>
> If I could prevent access to pg_proc the user would (theoretically) not be
> able to run any functions, and more importantly would not be able to see the
> source of my functions. I believe the same hold true for pg_views.
Well, that won't work. pg_proc also contains the functions that parse and
output data to the client. You do realise that pg_views, pg_tables and
pg_indexes are themselves views. The typecasts used are also looked up in
pg_proc. Even tab-completion from psql uses a function.
If you don't want users to see the source to your functions, write them in a
way that doesn't require the source within postgres, like loading in an
external library.
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> There are 10 kinds of people in the world, those that can do binary
> arithmetic and those that can't.