Re: Isn't pg_statistic a security hole?

Stephan Szabo <sszabo@megazone23.bigpanda.com> writes:
>> This is infeasible since we don't have a concept of per-row permissions.
>> It's all or nothing.

> Maybe make statistics readable only by superusers with a view that uses
> CURRENT_USER or something like that to only give the objects that
> have owners of this user?  Might be an ugly view, but...

Hmm, that would work --- you could join against pg_class to find out the
owner of the relation.  While you were at it, maybe look up the
attribute name in pg_attribute as well.  Anyone want to propose a
specific view definition?
        regards, tom lane