Andrew,
> It might be safer, but that doesn't hit my target at all. I am aiming at
> a zero-knowledge user, i.e. one who cannot discover anything at all
> about the db. The idea is that even if subvert can subvert a client and
> get access to the db the amount of metadata they can discover is as
> close to zero as possible.
Yeah, I can see that. I've personally had this concern about our PG
installation on the web server, and as you know about pgFoundry as well,
especially since GForge does not use good user security.
However, I see 2 seperate cases here:
1) The "ISP" case, where you want to hide all catalog information from the
users except the database owner or superuser.
2) The "Enterprise server" setting, where you want to allow catalog access
(for example, for pgAdmin) restricted to the current user permissions.
--
--Josh
Josh Berkus
Aglio Database Solutions
San Francisco