Re: Opinion wanted: Default select rights for users via public - Mailing list pgsql-admin

From Oli Sennhauser
Subject Re: Opinion wanted: Default select rights for users via public
Date
Msg-id 3FEC4804.4040500@bluewin.ch
Whole thread Raw
In response to Re: Opinion wanted: Default select rights for users via public schema  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Opinion wanted: Default select rights for users via public
List pgsql-admin
Hello Tom

Thank you for answering.

>>I found that all users have access to pg_class etc. by default. In my
>>opinion this causes some security questions or at least can make users
>>curious about things they should not.
>>
>>
>This isn't going to change, because it would break too many clients
>(as indeed you just found out).  Give users their own databases if you
>feel you need that much separation.
>
>
I see. But sometimes your solution is not possible. E.g. if I have a
critical application (banking?) and several kind of users on it. Some
users should NOT know, what is also around them but they have to use the
application. And if they know little about the rdbms they will find
things, they should not know, and they will be interested in and they
will search for knowing what is in, and so on....

In my opinion this is a (dd) design error done longe time ago. Now it
depends where do we want to go with PostgreSQL. In my opinion with this
"bug" (and some others) we will allways have the image of "little boys
(and girls) playing little around with rdbms.

Would it not be possible, e.g. to say we have a new interface now (e.g.
pg_tables, user_tables, all_tables and so on) and application should now
use the new interface and the old interface will outage in 2 or 3 years.
Otherwise we will never get rid of this problems.

Thanks for discussing
Oli

-------------------------------------------------------

Oli Sennhauser
Database-Engineer (Oracle & PostgreSQL)
Rebenweg 6
CH - 8610 Uster / Switzerland

Phone (+41) 1 940 24 82 or Mobile (+41) 79 450 49 14
e-Mail oli.sennhauser@bluewin.ch
Website http://mypage.bluewin.ch/shinguz/PostgreSQL/

Secure (signed/encrypted) e-Mail with a Free Personal SwissSign ID:
http://www.swisssign.ch

Import the SwissSign Root Certificate:
http://swisssign.net/cgi-bin/trust/import


Attachment

pgsql-admin by date:

Previous
From: Oli Sennhauser
Date:
Subject: UNIX File buffering disable?
Next
From: Sai Hertz And Control Systems
Date:
Subject: Re: UNIX File buffering disable?