Josh Berkus wrote:
Andrew,
Not really, no. It would just be one more thing that my hardening script
had to remove permissions from.
Hmmm ... even though the sysviews check users' permissions? That was one of our ideas behind making it "safer than the system catalogs".
It might be safer, but that doesn't hit my target at all. I am aiming at a zero-knowledge user, i.e. one who cannot discover anything at all about the db. The idea is that even if subvert can subvert a client and get access to the db the amount of metadata they can discover is as close to zero as possible.
cheers
andrew
---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
