> -----Original Message-----
> From: Merlin Moncure [mailto:merlin.moncure@rcsonline.com]
> Sent: 16 March 2005 16:33
> To: Dave Page
> Cc: pgadmin-hackers@postgresql.org
> Subject: RE: [pgadmin-hackers] prevent users from seeing
> pl/pgsql code in pgadmin
>
>
> I also tried hacking the search path and putting a pg_proc table into
> the public schema. While this fixed select * from pg_proc
> (but not /df),
> pgAdmin still pulled the function source.
Odd - it didn't here. Every query on pg_proc resulted in a message box
telling me it couldn't select from pg_proc - protecting the source, but
breaking pgAdmin.
> Without checking, I'm
> assuming pgAdmin prefixes the catalog tables in the metadata queries
> (aside: should it?).
Actually, no it doesn't - having just checked my server logs, it doesn't
even set the search path to ensure it's sane. I don't suppose anyone
ever hacked their master database around enough to cause problems there!
> Well, I was hoping for some easy trick but apparently there isn't one.
> I think this is one for -hackers.
It seems to me that it needs a special privilege to grant select on that
*column* to users that didn't create that row or already have
appropriate privs. I suspect that would be quite a hack :-(
Regards, Dave
