* Stephen Frost (sfrost@snowman.net) wrote:
> > --- a/src/backend/catalog/system_views.sql
> > +++ b/src/backend/catalog/system_views.sql
> > @@ -414,6 +414,11 @@ CREATE RULE pg_settings_n AS
> >
> > GRANT SELECT, UPDATE ON pg_settings TO PUBLIC;
> >
> > +CREATE VIEW pg_file_settings AS
> > + SELECT * FROM pg_show_all_file_settings() AS A;
> > +
> > +REVOKE ALL on pg_file_settings FROM public;
> > +
Err, and further, I realize that you're not actually changing the
permissions on the actual function at all, which means that they're the
default which is "executable by anyone."
This will also need a
REVOKE EXECUTE on pg_show_all_file_settings() FROM public;
Or someone could simply run the function instead of using the view to
see the data returned.
Thanks,
Stephen