Home > mailing lists

Re: Insufficient attention to security in contrib (mostly) - Mailing list pgsql-hackers

From	Dave Page
Subject	Re: Insufficient attention to security in contrib (mostly)
Date	August 28, 2007 15:36:15
Msg-id	46D440E4.6030202@postgresql.org Whole thread Raw
In response to	Re: Insufficient attention to security in contrib (mostly) (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Insufficient attention to security in contrib (mostly) (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Tom Lane wrote:
> * no restriction on database-size function *when applied to the current
> database* (again, you could look into pg_class); to apply to some other
> database, you must have connect privileges.  (Actually, on the
> assumption that you must have connect privs to current DB, I guess we
> could simplify that to connect privs on target DB, full stop.)

The latter would be preferrable for pgAdmin which queries database-level
info from the maintenance DB (usually postgres).

> * tablespace-size function requires being owner of current DB.

I assume superusers will also be able to use it, not just the actual owner?

/D

pgsql-hackers by date:

From: Tom Lane
Date: 28 August 2007, 15:25:17
Subject: Re: Insufficient attention to security in contrib (mostly)

From: Bruce Momjian
Date: 28 August 2007, 15:44:14
Subject: Re: FW: was [PERFORM] partitioned table and ORDER BY indexed_field DESC LIMIT 1

Re: Insufficient attention to security in contrib (mostly) - Mailing list pgsql-hackers

Previous

Next