Re: Security Issue..

Rod Taylor writes:

> The solution?  Information_Schema coupled with no direct access to
> pg_catalog.  Internals can use pg_catalog, possibly super users, but
> regular users shouldn't be able to do any reads / writes to it
> directly -- as per spec with definition_schema.

The catch on this is that privileges on views don't work quite perfectly
yet.  For instance, if you create a view
   CREATE VIEW bar AS SELECT * FROM foo;

then the statement
   SELECT * FROM bar;

needs privileges to read "foo".  The privileges would need to be changed
to be checked at view creation time.

-- 
Peter Eisentraut   peter_e@gmx.net