* Stephen Frost (sfr...@snowman.net) wrote: > > --- a/src/backend/catalog/system_views.sql > > +++ b/src/backend/catalog/system_views.sql > > @@ -414,6 +414,11 @@ CREATE RULE pg_settings_n AS > > > > GRANT SELECT, UPDATE ON pg_settings TO PUBLIC; > > > > +CREATE VIEW pg_file_settings AS > > + SELECT * FROM pg_show_all_file_settings() AS A; > > + > > +REVOKE ALL on pg_file_settings FROM public; > > +
Err, and further, I realize that you're not actually changing the
permissions on the actual function at all, which means that they're the
default which is "executable by anyone."
This will also need a
REVOKE EXECUTE on pg_show_all_file_settings() FROM public;
Or someone could simply run the function instead of using the view to
see the data returned.
Thanks,
Stephen
signature.asc
Description: Digital signature
