Re: Isn't pg_statistic a security hole?
От | Serguei Mokhov |
---|---|
Тема | Re: Isn't pg_statistic a security hole? |
Дата | |
Msg-id | 022001c0d651$36766e00$5dd9fea9@gunn обсуждение исходный текст |
Ответ на | Isn't pg_statistic a security hole? (Tom Lane <tgl@sss.pgh.pa.us>) |
Ответы |
Re: Isn't pg_statistic a security hole?
|
Список | pgsql-hackers |
Being a simple user, I still want to view the stats from the table, but it should be limited only to the stuff I own. I don't wanna let others see any of my info, however. The SU's, of course, should be able to read all the stats. ----- Original Message ----- From: Tom Lane <tgl@sss.pgh.pa.us> To: <pgsql-hackers@postgresql.org> Sent: Sunday, May 06, 2001 1:14 PM Subject: [HACKERS] Isn't pg_statistic a security hole? > Right now anyone can look in pg_statistic and discover the min/max/most > common values of other people's tables. That's not a lot of info, but > it might still be more than you want them to find out. And the > statistical changes that I'm about to commit will allow a couple dozen > values to be exposed, not only three values per column. > > It seems to me that only superusers should be allowed to read the > pg_statistic table. Or am I overreacting? Comments? > > regards, tom lane > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster
В списке pgsql-hackers по дате отправления: