> Now you can argue that approximate database size information simply
> isn't that useful to an attacker, and maybe that's true.  But are
> we prepared to make a policy decision that we aren't going to try to
> protect such information at all? 

But it's not making *no* attempt.  This is a special case; it only applies 
when a limited number of databases share the same tablespace.  If the admin 
is concerned about protecting private info about database size, then either 
put the DBs in separate tablespaces, or make sure there's so many dbs in the 
tablespace that no useful information can be derived.

Hmmm ... execept we're not requiring even permission on *one* DB in the 
tablespace are we?  That *is* an issue.  How difficult would it be to require 
that the requestor have CONNECT on at least one DB in the tablespace?  Like 
by requiring them to be connected to that DB, or to be the Superuser?

Josh Berkus
PostgreSQL @ Sun
San Francisco

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
       subscribe-nomail command to [EMAIL PROTECTED] so that your
       message can get through to the mailing list cleanly

Reply via email to