Home > mailing lists

Isn't pg_statistic a security hole? - Mailing list pgsql-hackers

From	Tom Lane
Subject	Isn't pg_statistic a security hole?
Date	May 6, 2001 16:15:30
Msg-id	28789.989169286@sss.pgh.pa.us Whole thread Raw
Responses	Re: Isn't pg_statistic a security hole? (Bruce Momjian <pgman@candle.pha.pa.us>)
List	pgsql-hackers

Tree view

Right now anyone can look in pg_statistic and discover the min/max/most
common values of other people's tables.  That's not a lot of info, but
it might still be more than you want them to find out.  And the
statistical changes that I'm about to commit will allow a couple dozen
values to be exposed, not only three values per column.

It seems to me that only superusers should be allowed to read the
pg_statistic table.  Or am I overreacting?  Comments?
        regards, tom lane

pgsql-hackers by date:

From: Tom Lane
Date: 06 May 2001, 16:15:14
Subject: Re: Re: New Linux xfs/reiser file systems

From: "Serguei Mokhov"
Date: 06 May 2001, 16:23:49
Subject: Re: Isn't pg_statistic a security hole?

Isn't pg_statistic a security hole? - Mailing list pgsql-hackers

Previous

Next