On Tue, 2010-10-05 at 14:49 -0400, Robert Haas wrote: > On Tue, Oct 5, 2010 at 2:08 PM, Greg Stark <gsst...@mit.edu> wrote: > > Though I find it unlikely the sales people would have direct access to > > run arbitrary SQL -- let alone create custom functions. > > I have definitely seen shops where virtually everyone has SQL-level > access to the database.
Uhh... yeah it is very common to point access at the database and say go for it. Very common. > Several of them. Most of them were pretty > insecure, but it certainly doesn't help anything when the database has > no capability to do anything better. Now, I will grant you that not > everyone in those organizations was actually smart enough to do > meaningful things with the access they had, but I never found that > very comforting. The better argument here is, the majority (by far, just google it) of espionage is done IN HOUSE. It doesn't matter if it is a sales person. It could be a disgruntled DBA. JD -- PostgreSQL.org Major Contributor Command Prompt, Inc: http://www.commandprompt.com/ - 509.416.6579 Consulting, Training, Support, Custom Development, Engineering http://twitter.com/cmdpromptinc | http://identi.ca/commandprompt -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
