Magnus Hagander wrote: > On Thu, Jul 2, 2015 at 5:40 PM, Peter Eisentraut <pete...@gmx.net> wrote:
> > Actually, I think the whole view shouldn't be accessible to unprivileged > > users, except maybe your own row. > > > I could go for some of the others if we think there's reason, but I don't > understand the dn part? > > I guess there's some consistency in actually blocking exactly everything... One case that I remember popping up every so often was "I don't want people to know what other customers I have in the same database cluster". We leak these details all over the place (catalogs that can be queried directly, as well as pg_stat_activity itself, etc), so just changing the new view would accomplish nothing. If there's interest in closing these holes, this might be a first step. -- Álvaro Herrera http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
