Mr Dash Four <mr.dash.four@googlemail.com> writes:
>> if you broke the permissions on the pg_catalog so badly that the SQL
>> planner can't look up the data types of the fields of your own tables,
>> well, thats just wrong.
> What's the alternative?
Perhaps more careful thought about your threat model?
> I am not willing to let an arbitrary program
> using connection credentials, which have the ability to read my entire
> system catalogue. What happens if that connection is hijacked by an
> attacker?
1. Use SSL connections, with appropriate certificate verification at
both ends.
2. If somebody manages to hijack your connection, you have much worse
problems than whether they can read your system catalogs. They can at
least copy, and probably modify, your user data. The catalogs are
unlikely to contain anything that's very interesting to an attacker
who knows enough about your operations to hijack a connection in the
first place.
regards, tom lane