Tom Lane wrote:
> Joseph S <jks@selectacast.net> writes:
>>> Tom Lane committed:
>>> - Restrict pg_relation_size to relation owner, pg_database_size to DB
>>> owner, and pg_tablespace_size to superusers. Perhaps we could
>>> weaken the first case to just require SELECT privilege, but that
>>> doesn't work for the other cases, so use ownership as the common
>>> concept.
>>>
>> Is there going to be a way to turn this off easily?
>
> No. If you want to make an argument for weaker restrictions than these,
> argue away, but security restrictions that can be "easily turned off"
> are no security at all.
I don't see how letting the size of a database or relation is a big
security risk. I do see how forcing me to login as the superuser to see
my db stats creates more of a security risk.
