Re: Catalog Security WAS: Views, views, views: Summary of Arguments

From Andrew - Supernews
Subject Re: Catalog Security WAS: Views, views, views: Summary of Arguments
Date
Msg-id slrnd89q80.129j.andrew+nonews@trinity.supernews.net
In reply to Re: Views, views, views: Summary of Arguments  ("Merlin Moncure" <merlin.moncure@rcsonline.com>)
Responses Re: Catalog Security WAS: Views, views, views: Summary  (Andrew Dunstan <andrew@dunslane.net>)
List pgsql-hackers
On 2005-05-13, Josh Berkus <josh@agliodbs.com> wrote:
> Andrew,
>> It might be safer, but that doesn't hit my target at all. I am aiming at
>> a zero-knowledge user, i.e. one who cannot discover anything at all
>> about the db. The idea is that even if subvert can subvert a client and
>> get access to the db the amount of metadata they can discover is as
>> close to zero as possible.
>
> Yeah, I can see that.  I've personally had this concern about our PG 
> installation on the web server, and as you know about pgFoundry as well, 
> especially since GForge does not use good user security.
>
> However, I see 2 separate cases here:
>
> 1) The "ISP" case, where you want to hide all catalog information from the 
> users except the database owner or superuser.

I don't believe this is ever feasible in practice, since client interfaces
at any level higher than libpq will need to access metadata corresponding
to the data they are retrieving.

-- 
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services

