Re: Security Issue..
От | Rod Taylor |
---|---|
Тема | Re: Security Issue.. |
Дата | |
Msg-id | 075101c1e41e$c87001a0$8001a8c0@jester обсуждение исходный текст |
Ответ на | Re: Security Issue.. (Bruce Momjian <pgman@candle.pha.pa.us>) |
Список | pgsql-hackers |
Yes. A number of people in the company have mentioned that our customers can see tables and structures which they shouldn't know exist. Not a severe issue, but it's a checkmark for those wanting to switch to Oracle. Revoking read access to system catalogs causes interesting things to occur :) -- Rod Taylor Your eyes are weary from staring at the CRT. You feel sleepy. Notice how restful it is to watch the cursor blink. Close your eyes. The opinions stated above are yours. You cannot imagine why you ever felt otherwise. ----- Original Message ----- From: "Bruce Momjian" <pgman@candle.pha.pa.us> To: "Rod Taylor" <rbt@zort.ca> Cc: "Hackers List" <pgsql-hackers@postgresql.org> Sent: Sunday, April 14, 2002 9:33 PM Subject: Re: [HACKERS] Security Issue.. > Rod Taylor wrote: > > I'm running into a minor issue with security in regards to users being > > able to see constructs that they have no access too. > > > > The solution? Information_Schema coupled with no direct access to > > pg_catalog. Internals can use pg_catalog, possibly super users, but > > regular users shouldn't be able to do any reads / writes to it > > directly -- as per spec with definition_schema. > > Is the problem that people can see system catalog columns that should be > more secure? > > -- > Bruce Momjian | http://candle.pha.pa.us > pgman@candle.pha.pa.us | (610) 853-3000 > + If your life is a hard drive, | 830 Blythe Avenue > + Christ can be your backup. | Drexel Hill, Pennsylvania 19026 >
В списке pgsql-hackers по дате отправления: