Re: Views, views, views: Summary of Arguments
| From | Andrew Dunstan |
|---|---|
| Subject | Re: Views, views, views: Summary of Arguments |
| Date | |
| Msg-id | 4284E514.8040408@dunslane.net |
| In response to | Re: Views, views, views: Summary of Arguments (Josh Berkus <josh@agliodbs.com>) |
| Responses | Re: Catalog Security WAS: Views, views, views: Summary of Arguments |
| List | pgsql-hackers |
Josh Berkus wrote:

>Andrew,
>
>>Not really, no. It would just be one more thing that my hardening script
>>had to remove permissions from.
>
>Hmmm ... even though the sysviews check users' permissions? That was one of
>our ideas behind making it "safer than the system catalogs".

It might be safer, but that doesn't hit my target at all. I am aiming at a zero-knowledge user, i.e. one who cannot discover anything at all about the db. The idea is that even if someone can subvert a client and get access to the db the amount of metadata they can discover is as close to zero as possible.

cheers

andrew