Re: Views, views, views: Summary of Arguments - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: Views, views, views: Summary of Arguments
Date
Msg-id 4284E514.8040408@dunslane.net
In response to Re: Views, views, views: Summary of Arguments  (Josh Berkus <josh@agliodbs.com>)
Responses Re: Catalog Security WAS: Views, views, views: Summary of Arguments  (Josh Berkus <josh@agliodbs.com>)
List pgsql-hackers

Josh Berkus wrote:

>Andrew,
>
>>Not really, no. It would just be one more thing that my hardening script
>>had to remove permissions from.
>
>Hmmm ... even though the sysviews check users' permissions?  That was one of 
>our ideas behind making it "safer than the system catalogs".

It might be safer, but that doesn't hit my target at all. I am aiming at 
a zero-knowledge user, i.e. one who cannot discover anything at all 
about the db. The idea is that even if someone can subvert a client and 
get access to the db the amount of metadata they can discover is as 
close to zero as possible.

cheers

andrew

