On Fri, Oct 10, 2008 at 01:09:48PM +0900, KaiGai Kohei wrote:
>> 4. Metadata-level access controls. None of the proposals so far seem
>> to provide a complete set of access controls for the system details --
>> schemas, databases, &c. Such controls are often requested, so I
>> wonder about that.
>
> We are already have GRANT/REVOKE on databases, schemaes and so on
> as a core facility. This optional facility does not need to provide
> it again.
I think I wasn't clear enough. One of the requests we hear all the
time -- indeed, somone just posted an RFQ looking for coders for it --
is a request to prevent users who haven't any permission on a database
to learn anything about it at all. In a shared hosting environment,
for instance, the idea is that two customers can have databases in the
same back end, and not be able to learn anything about one another
_including that they are there_. I am pretty sure I first heard
someone wishing for something like that when was using PostgreSQL
6.something, so it's a long-standing irritant.
Anyway, I'm not trying to suggest, "You should do this." I'm just
trying to point out that what are the obvious areas of access control
from one point of view are not even interesting from another. This is
why I think a fairly complete analysis is needed (and why I think it
hasn't been done yet).
A
--
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/