Обсуждение: Re: [ANNOUNCE] == PostgreSQL Weekly News - August 26 2007 ==
David Fetter wrote: > Tom Lane committed: > > > - Restrict pg_relation_size to relation owner, pg_database_size to DB > owner, and pg_tablespace_size to superusers. Perhaps we could > weaken the first case to just require SELECT privilege, but that > doesn't work for the other cases, so use ownership as the common > concept. > Is there going to be a way to turn this off easily? This is going to break my admin tool.
Joseph S <jks@selectacast.net> writes: >> Tom Lane committed: >> - Restrict pg_relation_size to relation owner, pg_database_size to DB >> owner, and pg_tablespace_size to superusers. Perhaps we could >> weaken the first case to just require SELECT privilege, but that >> doesn't work for the other cases, so use ownership as the common >> concept. >> > Is there going to be a way to turn this off easily? No. If you want to make an argument for weaker restrictions than these, argue away, but security restrictions that can be "easily turned off" are no security at all. regards, tom lane
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Lane wrote: > Joseph S <jks@selectacast.net> writes: >>> Tom Lane committed: >>> - Restrict pg_relation_size to relation owner, pg_database_size to DB >>> owner, and pg_tablespace_size to superusers. Perhaps we could >>> weaken the first case to just require SELECT privilege, but that >>> doesn't work for the other cases, so use ownership as the common >>> concept. >>> >> Is there going to be a way to turn this off easily? > > No. If you want to make an argument for weaker restrictions than these, > argue away, but security restrictions that can be "easily turned off" > are no security at all. Sure, but you haven't made a security adjustment. You have made a behavioral adjustment that is guaranteed to break remote applications. Joshua D. Drake > > regards, tom lane > > ---------------------------(end of broadcast)--------------------------- > TIP 2: Don't 'kill -9' the postmaster > - -- === The PostgreSQL Company: Command Prompt, Inc. === Sales/Support: +1.503.667.4564 24x7/Emergency: +1.800.492.2240 PostgreSQL solutions since 1997 http://www.commandprompt.com/ UNIQUE NOT NULL Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate PostgreSQL Replication: http://www.commandprompt.com/products/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG0vYlATb/zqfZUUQRAj+9AJ9Mz7tXXgrtibJMY/WLmL7x3wja3gCeP0Kw gi91a+6oxgT+ziI9mwLHlfI= =wxN+ -----END PGP SIGNATURE-----
Tom Lane wrote: > Joseph S <jks@selectacast.net> writes: >>> Tom Lane committed: >>> - Restrict pg_relation_size to relation owner, pg_database_size to DB >>> owner, and pg_tablespace_size to superusers. Perhaps we could >>> weaken the first case to just require SELECT privilege, but that >>> doesn't work for the other cases, so use ownership as the common >>> concept. >>> >> Is there going to be a way to turn this off easily? > > No. If you want to make an argument for weaker restrictions than these, > argue away, but security restrictions that can be "easily turned off" > are no security at all. I don't see how letting the size of a database or relation is a big security risk. I do see how forcing me to login as the superuser to see my db stats creates more of a security risk.