On Tue, Jun 06, 2006 at 12:15:24PM -0600, William K. Volkman wrote:
> On Tue, 2006-06-06 at 10:43, Michael Bayer wrote:
> > On Jun 5, 2006, at 11:50 PM, William K. Volkman wrote:
> > 
> The fact that they've gone to the trouble to constrain certain
> fields to only be visible to the table owner
> indicates that they've done it on purpose.  I.E. As Owner:
> 
> sat=# select column_name, column_default
> from information_schema.columns
> where table_name = 'departments';
>    column_name   |                    column_default
> -----------------+-------------------------------------------------------
>  department_id   | nextval('public.departments_department_id_seq'::text)
>  department_name |
> 
> As a non-owner:
>    column_name   | column_default
> -----------------+----------------
>  department_id   |
>  department_name |
> 

it's not like this. Try as a not owner user to use \d to retrieve
information and you'll get all you need to reflect. When I opened ticket '71
I also suggested a whay to get Primary keys and foreign keys w/o any
privileges, just studying what psql does upon '\d table_name' with option -E. 

> One reasoning probably lies in commercial deployment of the
> database.  Don't permit the users to reverse engineer the
> database or give out information that could be used to break
> it.

security by obscurity? mmh not what I call security!
A broken reflection is what make me for the moment have all people
connect with the same user. That's *totally* unsecure!

And to spend one more word about reflection: I definitely want a single
point where info on the db are stored, and that's the db. I may even forget
about how many application I made to get to a db but if the structure is
reflected all the times I'm sure the information get to the wright place when
needed. (Btw: I'd really like to see the error raised when autoloading if
the table does not exist, as recently proposed)


sandro
*:-)

-- 
Sandro Dentella  *:-)
http://www.tksql.org                    TkSQL Home page - My GPL work


_______________________________________________
Sqlalchemy-users mailing list
Sqlalchemy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlalchemy-users

Reply via email to