Peter Eisentraut wrote:
> On tor, 2009-12-10 at 17:20 -0500, Andrew Dunstan wrote:
>
>> Some time later it came up again, this time when someone wanted to use a
>> readonly database (hence no pg_dump required) with an application and
>> wanted to keep the database layout and the source code of stored
>> functions hidden as they regarded it as proprietary information.
>>
>
> Well, the information schema already implements a policy of this sort,
> because it only shows information about things you have some kind of
> access to. (I assume you are allowed to know about the things you have
> access to.)
>
> The problem in this sort of scheme is always that the system catalogs
> are world readable, and changing that would break about every tool and
> driver in existence. It's not clear how to fix that, at least not
> without row-level security. Or how did your old patch address this?
>
>
>
Well, it will certainly break plenty of things. But it didn't prevent
the client from doing the things we wanted to allow it to do, i.e. make
a few function calls.
Basically what I did was to revoke public privileges from just about
everything I could lay my hands on and regrant the same privileges to a
group called pseudopublic, which contained every user but the one I
wanted to restrict. The client I tested with was psql, and I recall
being surprised that I was still able to do what I wanted - I had
thought I would break things completely. I haven't tried to repeat the
experiment recently, though.
cheers
andrew
