Tom Lane wrote:

Andreas Pflug <[EMAIL PROTECTED]> writes:

Tom Lane wrote:

As for the authentication-is-expensive issue, what of it?  You *should*
have to authenticate yourself in order to look inside another person's
database.  The sort of cross-database inspection being proposed here
would be a big security hole in many people's view.

Accessing pg_class et al using the current sysuseid with acl checking should be ok and satisfy security demands, no?

No. If the other user has you locked out from connecting to his
database at all, he's probably not going to feel that he should have to
disable your access to individual objects inside it.

Well he's using my tablespace, so I'd like to know at least the object name.

This has some connections to the discussions we periodically have about
preventing Joe User from looking at the system catalogs. If we make any
changes in this area at all, I would expect them to be in the direction
of narrowing access, not widening it to include being able to see
other databases' catalogs.

Superuser/tablespace owner isn't quite Joe User, I believe.

Actually, there seem quite some other cross database/shared table issues (schema default tablespace, dropping user who owns objects) which make it desirable to have superuser readonly access to pg_catalog tables. Maybe a todo for 7.6...


---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Reply via email to