Re: Restrict users from describing table - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: Restrict users from describing table
Date
Msg-id 4433.24.211.141.25.1073179123.squirrel@www.dunslane.net
In response to Restrict users from describing table  (Michael Gill <mgill@pointdx.com>)
Responses Re: Restrict users from describing table  (Michael Gill <mgill@pointdx.com>)
List pgsql-hackers
Michael Gill said:
> Hello,
>
> I've tried asking this question elsewhere and have not received a
> satisfactory response.
>
> I want to restrict users of my packaged database from directly
> accessing the data or reading the schema. I would provide access to
> the read-only data through functions (which works well in PG). I find
> that \d will expose the structure even though the user can't select:
>
> movies=> \d codeset.first_table
> Table "codeset.first_table"
> Column |  Type   | Modifiers
> --------+---------+-----------
> col1   | integer |
> col2   | integer |
>
> movies=> select * from codeset.first_table;
> ERROR:  permission denied for schema codeset
>
> Is there any way to hide the structure from a particular user? I can't
> use PostgreSQL if I can't encapsulate our intellectual property.
>

How will purchasers of your product run pg_dump if the superuser can't get
at the database schema?

The only way I can see to do this in general is some sort of filter layer
between the database and the user.

I'm mildly dubious of the IP value of a database schema, I must confess. I
guess you could also play funny games with the column and table names to
obscure the semantics, at the obvious cost of a maintenance nightmare.

cheers

andrew



