Re: securing pg_proc - Mailing list pgsql-hackers

From Tom Lane
Subject Re: securing pg_proc
Date
Msg-id 24721.1111075628@sss.pgh.pa.us
Whole thread Raw
In response to securing pg_proc  ("Merlin Moncure" <merlin.moncure@rcsonline.com>)
List pgsql-hackers
"Merlin Moncure" <merlin.moncure@rcsonline.com> writes:
> 1. Am I totally off my rocker for suggesting users without 'execute'
> priv. should not be able to view procedure source.

1. I don't particularly buy that, no.  Why draw the line at seeing
source code?  The mere name and argument list might be considered
'sensitive' information.

2. We haven't had a policy of hiding schema information in the past, and
I don't think it's the sort of thing that can usefully be bolted on
piecemeal.

3. The people who ask for this sort of thing frequently don't want those
with execute permission to look at the source, either, so your proposed
solution really isn't going to satisfy anybody.
        regards, tom lane


pgsql-hackers by date:

Previous
From: "Merlin Moncure"
Date:
Subject: securing pg_proc
Next
From: "Merlin Moncure"
Date:
Subject: Re: securing pg_proc