On Thu, May 12, 2022 at 7:35 PM Bryn Llewellyn <bryn@yugabyte.com> wrote:
However, the design decision that, way back when, leads to this outcome does surprise me. The principle of least privilege insists that (in the database regime) you can create users that can do exactly and only what they need to do. This implies that my "client" should not be able to list all the objects in the database (and all the users in the cluster).
While I tend to agree, there is a degree of symmetry in this Open Source Database having a catalog that itself is basically Open Source.
I find it telling that the cryptography field believes it is a net positive for their algorithms to be published, eschewing security by obscurity. Only (some of) the input data, private key or otherwise, has to have a private component.
If there was any motivation to improve PostgreSQL on this front I'd like them to start with "routine bodies" being hidden away from inspection. I'm much less concerned about pg_class or even knowing the names of things.
This has been discussed a number of times, probably every few years or so. My quick search failed to find any relevant links/threads in the archives, though I didn't try that hard.
