Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: [ANNOUNCE] == PostgreSQL Weekly News - August 26 2007 ==
- From: Joseph S <jks(at)selectacast(dot)net>
- To: pgsql-general(at)postgresql(dot)org
- Subject: Re: [ANNOUNCE] == PostgreSQL Weekly News - August 26 2007 ==
- Date: Mon, 27 Aug 2007 13:34:43 -0400
- Message-id: <fav1vj$2ui3$1(at)news(dot)hub(dot)org>
Tom Lane wrote:
Joseph S <jks(at)selectacast(dot)net> writes:Tom Lane committed: - Restrict pg_relation_size to relation owner, pg_database_size to DB owner, and pg_tablespace_size to superusers. Perhaps we could weaken the first case to just require SELECT privilege, but that doesn't work for the other cases, so use ownership as the common concept.Is there going to be a way to turn this off easily?No. If you want to make an argument for weaker restrictions than these, argue away, but security restrictions that can be "easily turned off" are no security at all.
I don't see how letting the size of a database or relation is a big security risk. I do see how forcing me to login as the superuser to see my db stats creates more of a security risk.
- References:
- Re: [ANNOUNCE] == PostgreSQL Weekly News - August 26 2007 ==
- From: Joseph S
- Re: [ANNOUNCE] == PostgreSQL Weekly News - August 26 2007 ==
- From: Tom Lane
- Re: [ANNOUNCE] == PostgreSQL Weekly News - August 26 2007 ==
- Prev by Date: Re: PostgreSQL vs Firebird feature comparison finished
- Next by Date: PickSplit method of 2 columns ... error
- Previous by thread: Re: [ANNOUNCE] == PostgreSQL Weekly News - August 26 2007 ==
- Next by thread: PickSplit method of 2 columns ... error
- Indexes: