Andrew Dunstan <andrew@dunslane.net> writes:
> I just played around briefly with removing *all* public access to a
> couple of catalog tables - pg_class and pg_attrdef. Obviously this
> breaks things like \d and friends. I'm not sure how much else it might
> break -
pg_dump, for starters ...
I'm not sure that hiding the contents of the current database's catalog
is all that useful a goal in practice. If you have two users sharing a
database then probably you *want* them to be able to exchange some
amount of information. I can see the use-case for hiding contents of
the shared tables (pg_database, pg_shadow, pg_group) in installations
where different users have different databases but you want to run just
one common postmaster. Even there, though, it doesn't seem all that
essential --- its only usefulness is security by obscurity.
regards, tom lane
