Re: Security Issue..
От | Peter Eisentraut |
---|---|
Тема | Re: Security Issue.. |
Дата | |
Msg-id | Pine.LNX.4.30.0204142143140.717-100000@peter.localdomain обсуждение исходный текст |
Ответ на | Security Issue.. ("Rod Taylor" <rbt@zort.ca>) |
Ответы |
Re: Security Issue..
|
Список | pgsql-hackers |
Rod Taylor writes: > The solution? Information_Schema coupled with no direct access to > pg_catalog. Internals can use pg_catalog, possibly super users, but > regular users shouldn't be able to do any reads / writes to it > directly -- as per spec with definition_schema. The catch on this is that privileges on views don't work quite perfectly yet. For instance, if you create a view CREATE VIEW bar AS SELECT * FROM foo; then the statement SELECT * FROM bar; needs privileges to read "foo". The privileges would need to be changed to be checked at view creation time. -- Peter Eisentraut peter_e@gmx.net
В списке pgsql-hackers по дате отправления: