Andreas Pflug <pgadmin@pse-consulting.de> writes:
> Tom Lane wrote:
>> As for the authentication-is-expensive issue, what of it? You *should*
>> have to authenticate yourself in order to look inside another person's
>> database. The sort of cross-database inspection being proposed here
>> would be a big security hole in many people's view.
>>
> Accessing pg_class et al using the current sysuseid with acl checking
> should be ok and satisfy security demands, no?
No. If the other user has you locked out from connecting to his
database at all, he's probably not going to feel that he should have to
disable your access to individual objects inside it.
This has some connections to the discussions we periodically have about
preventing Joe User from looking at the system catalogs. If we make any
changes in this area at all, I would expect them to be in the direction
of narrowing access, not widening it to include being able to see
other databases' catalogs.
regards, tom lane
