KaiGai Kohei <kaigai@ak.jp.nec.com> wrote:
> > we still allow "SELECT * FROM pg_largeobject" ...right?
>
> It can be solved with revoking any privileges from anybody in the initdb
> phase. So, we should inject the following statement for setup_privileges().
>
> REVOKE ALL ON pg_largeobject FROM PUBLIC;
OK, I'll add the following description in the documentation of pg_largeobject.
<structname>pg_largeobject</structname> should not be readable by the public, since the catalog contains data in
largeobjects of all users. <structname>pg_largeobject_metadata</> is a publicly readable catalog that only contains
identifiersof large objects.
> {"lo_compat_privileges", PGC_SUSET, COMPAT_OPTIONS_PREVIOUS,
> gettext_noop("Turn on/off privilege checks on large objects."),
The description is true, but gives a confusion because
"lo_compat_privileges = on" means "privilege checks are turned off".
short desc: Enables backward compatibility in privilege checks on large objects long desc: When turned on, privilege
checkson large objects are disabled.
Are those descriptions appropriate?
Regards,
---
Takahiro Itagaki
NTT Open Source Software Center