On Mon, Dec 27, 2010 at 9:36 AM, Magnus Hagander <mag...@hagander.net> wrote: > Seeing logged SQL isn't - but being able to filter the logfiles on > that requires a *lot* more than just defining a security privilege. If > we mean "arbitrary log file reading", the easiest way to fix that > would be to stop checking for superuser permissions in the > read-file-function, and instead use the permissions *on the function* > to control it. In fact, that is something that we could (should?) do > for a bunch of other functions as well, so that we can in that way > provide much more granular permissions level than just blanked > assigning of privileges.
That would require having users change the permissions on system objects, which seems, icky (would they even be dumped?). Given that the superuser could already create a security definer wrapper function with the privileges required, I don't think this is needed. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
