Re: Isn't pg_statistic a security hole?

Being a simple user, I still want
to view the stats from the table,
but it should be limited only
to the stuff I own. I don't wanna
let others see any of my info, however.
The SU's, of course, should be able to read
all the stats.

----- Original Message ----- 
From: Tom Lane <tgl@sss.pgh.pa.us>
To: <pgsql-hackers@postgresql.org>
Sent: Sunday, May 06, 2001 1:14 PM
Subject: [HACKERS] Isn't pg_statistic a security hole?


> Right now anyone can look in pg_statistic and discover the min/max/most
> common values of other people's tables.  That's not a lot of info, but
> it might still be more than you want them to find out.  And the
> statistical changes that I'm about to commit will allow a couple dozen
> values to be exposed, not only three values per column.
> 
> It seems to me that only superusers should be allowed to read the
> pg_statistic table.  Or am I overreacting?  Comments?
> 
> regards, tom lane
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster