Thread: Re: Views, views, views: Summary of Arguments

Re: Views, views, views: Summary of Arguments

From: "Merlin Moncure"

Tom Lane wrote:
> "Merlin Moncure" <merlin.moncure@rcsonline.com> writes:
> > Argument 3: backwards compatibility.  Do you remember how tablespaces
> > introduction broke pgAdmin?
>
> This argument, at least, is bogus.  See my original comments to Josh:
> it is not credible that these views will be significantly more stable
> than the underlying catalogs.  We don't change the catalogs on whims;
> we change them because we have to in order to make some significant
> improvement in functionality.  For instance, if this nested-schema
> idea goes in, the proposed views will have to change, or else become
> useless for most of the purposes they are being touted for.

Ok, I agree.

To be honest, I think the usability arguments are specious at best when
we have the information schema.  In fact, IMO it is a mistake to add a
third way of describing the database unless there were plans to make
significant changes to the system schema.

However, I think PostgreSQL has a fairly serious security problem in
that the system catalogs are open to the public.  I don't seem to be
winning many supporters on this particular point though.  I wonder if
people are aware just how much information a completely unprivileged
account can pull out of the database?

Including but not limited to:
1. all source code of user defined functions
2. list of all users on system (but not passwords)
etc.

Merlin
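
The two items in the list above, expressed as a catalog audit an administrator can run. This is an added example, not part of the original message; it assumes a current PostgreSQL release and a hypothetical role named `app_readonly` that holds no grants beyond PUBLIC.

```sql
-- Added audit example (not from the thread). Assumes a current PostgreSQL
-- release; 'app_readonly' is a hypothetical role with no grants beyond PUBLIC.

-- 1. Which pg_catalog tables and views can the role read?
SELECT c.relname,
       c.relkind,
       has_table_privilege('app_readonly', c.oid, 'SELECT') AS can_select
FROM pg_catalog.pg_class AS c
JOIN pg_catalog.pg_namespace AS n ON n.oid = c.relnamespace
WHERE n.nspname = 'pg_catalog'
  AND c.relkind IN ('r', 'v')
ORDER BY can_select DESC, c.relname;

-- 2. Confirm the two listed items by querying as that role.
--    The transaction plus SET LOCAL keeps the role switch from leaking
--    into the rest of the administrator's session.
BEGIN;
SET LOCAL ROLE app_readonly;

-- Item 1: source text of user-defined functions is readable via prosrc
-- (only the length is selected here to keep the output short).
SELECT n.nspname        AS schema_name,
       p.proname        AS function_name,
       length(p.prosrc) AS source_chars
FROM pg_catalog.pg_proc AS p
JOIN pg_catalog.pg_namespace AS n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY 1, 2;

-- Item 2: all role names are listed; pg_user masks the password column.
SELECT usename, usesuper
FROM pg_catalog.pg_user
ORDER BY usename;

ROLLBACK;
```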


Re: Views, views, views: Summary of Arguments

From: Tom Lane

"Merlin Moncure" <merlin.moncure@rcsonline.com> writes:
> However, I think PostgreSQL has a fairly serious security problem in
> that the system catalogs are open to the public.  I don't seem to be
> winning many supporters on this particular point though.

No, you're not, and it's not like we've never heard this argument
before.

Just upthread there were several complaints about the information_schema
being too restrictive to be useful --- I think we'd get a whole lot more
of that if we tried to prevent direct examination of the catalogs.
        regards, tom lane


Re: Views, views, views: Summary of Arguments

From: Andrew Dunstan

Tom Lane wrote:

>"Merlin Moncure" <merlin.moncure@rcsonline.com> writes:
>
>>However, I think PostgreSQL has a fairly serious security problem in
>>that the system catalogs are open to the public.  I don't seem to be
>>winning many supporters on this particular point though.
>
>No, you're not, and it's not like we've never heard this argument
>before.
>
>Just upthread there were several complaints about the information_schema
>being too restrictive to be useful --- I think we'd get a whole lot more
>of that if we tried to prevent direct examination of the catalogs.

There is a case for a facility to "harden" postgres. My experiments some 
time ago show you can pretty much hide everything without breaking 
anything badly if you're careful. I have it on my personal TODO list to 
complete a hardening script - although I have no idea when I'll get to it.

cheers

andrew