>> I'm not sure what the solution would be, exactly. Deny permission for
>> EXPLAIN on certain tables?
>
> That would close only one covert channel. Others were already pointed out
> upthread, and I'll bet there are more ...
Mind you, fundamentally this is no different from allowing INSERT
permission on a table but denying SELECT, or denying SELECT on certain
columns. In either case, covert channels for some data are available.
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com