Takahiro Itagaki wrote: > KaiGai Kohei <kai...@ak.jp.nec.com> wrote: > >>> we still allow "SELECT * FROM pg_largeobject" ...right? >> It can be solved with revoking any privileges from anybody in the initdb >> phase. So, we should inject the following statement for setup_privileges(). >> >> REVOKE ALL ON pg_largeobject FROM PUBLIC; > > OK, I'll add the following description in the documentation of pg_largeobject. > > <structname>pg_largeobject</structname> should not be readable by the > public, since the catalog contains data in large objects of all users. > <structname>pg_largeobject_metadata</> is a publicly readable catalog > that only contains identifiers of large objects.
It makes sense to me. >> {"lo_compat_privileges", PGC_SUSET, COMPAT_OPTIONS_PREVIOUS, >> gettext_noop("Turn on/off privilege checks on large objects."), > > The description is true, but gives a confusion because > "lo_compat_privileges = on" means "privilege checks are turned off". > > short desc: Enables backward compatibility in privilege checks on large > objects > long desc: When turned on, privilege checks on large objects are disabled. > > Are those descriptions appropriate? The long description is a bit confusable, because it does not disable all the privilege checks, such as lo_export/lo_import which already checks superuser privilege on execution in the earlier releases. What's your opinion about: long desc: When turned on, privilege checks on large objects perform with backward compatibility as 8.4.x or earlier releases. Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <kai...@ak.jp.nec.com> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers