Andrew Sullivan wrote:
> On Fri, Oct 10, 2008 at 01:09:48PM +0900, KaiGai Kohei wrote:
>
> >> 4. Metadata-level access controls. None of the proposals so far seem
> >> to provide a complete set of access controls for the system details --
> >> schemas, databases, &c. Such controls are often requested, so I
> >> wonder about that.
> >
> > We are already have GRANT/REVOKE on databases, schemaes and so on
> > as a core facility. This optional facility does not need to provide
> > it again.
>
> I think I wasn't clear enough. One of the requests we hear all the
> time -- indeed, somone just posted an RFQ looking for coders for it --
> is a request to prevent users who haven't any permission on a database
> to learn anything about it at all. In a shared hosting environment,
> for instance, the idea is that two customers can have databases in the
> same back end, and not be able to learn anything about one another
> _including that they are there_. I am pretty sure I first heard
> someone wishing for something like that when was using PostgreSQL
> 6.something, so it's a long-standing irritant.
I think we could use row-level access control to prevent people from
seeing databases they should not see in pg_database.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +