> 2. If somebody manages to hijack your connection, you have much worse
> problems than whether they can read your system catalogs. They can at
> least copy, and probably modify, your user data.
If I have restricted those permissions (i.e. access to specific schemas
only, allowing specific operations - like INSERT only on just the tables
needed for that particular db user) how would a user, who hijacked the
connection, be able to "at least copy, and probably modify user data" then?
> The catalogs are
> unlikely to contain anything that's very interesting to an attacker
> who knows enough about your operations to hijack a connection in the
> first place.
>
They give a comprehensive information about the entire structure of the
database - that, at least to me, is good-enough reason to restrict such
an access.
