* Christopher Kings-Lynne ([EMAIL PROTECTED]) wrote:
> >It bothers me a great deal that I can't control very easily what a given
> >user can see when they connect over ODBC or via phppgadmin in terms of
> >schemas, tables and columns. I fixed this in application code in
> >phppgadmin but that's clearly insufficient since it doesn't do anything
> >for the other access methods.
>
> Modifying phpPgAdmin is useless - people can query the catalogs manually.
It's not entirely *useless*; it's just not a proper fix for the security
issue, I'll grant you that. Personally I found the hack that I did pretty
useful since most of my users aren't likely to go sniffing through the
catalog and it was a temporary workaround for the complaints until
there's a proper fix.
> Hackers - we get an email about information hiding in shared
> postgresql/phppgadmin installations at least once a fortnight :)
I agree with this - it needs to be dealt with and fixed already, once and
for all.
Thanks,
Stephen
