Обсуждение: Re: Views, views, views: Summary of Arguments
Tom Lane wrote: > "Merlin Moncure" <merlin.moncure@rcsonline.com> writes: > > Argument 3: backwards compatibility. Do you remember how tablespaces > > introduction broke pgAdmin? > > This argument, at least, is bogus. See my original comments to Josh: > it is not credible that these views will be significantly more stable > than the underlying catalogs. We don't change the catalogs on whims; > we change them because we have to in order to make some significant > improvement in functionality. For instance, if this nested-schema > idea goes in, the proposed views will have to change, or else become > useless for most of the purposes they are being touted for. Ok, I agree. To be honest, I think the usability arguments are specious at best when we have the information schema. In fact, IMO it is a mistake to add a third way of describing the database unless there were plans to make significant changes to the system schema. However, I think PostgreSQL has a fairly serious security problem in that the system catalogs are open to the public. I don't seem to be winning many supporters on this particular point though. I wonder if people are aware just how much information a completely unprivileged account can pull out of the database? Including but not limited to: 1. all source code of user defined functions 2. list of all users on system (but not passwords) etc. Merlin
"Merlin Moncure" <merlin.moncure@rcsonline.com> writes: > However, I think PostgreSQL has a fairly serious security problem in > that the system catalogs are open to the public. I don't seem to be > winning many supporters on this particular point though. No, you're not, and it's not like we've never heard this argument before. Just upthread there were several complaints about the information_schema being too restrictive to be useful --- I think we'd get a whole lot more of that if we tried to prevent direct examination of the catalogs. regards, tom lane
Tom Lane wrote: >"Merlin Moncure" <merlin.moncure@rcsonline.com> writes: > > >>However, I think PostgreSQL has a fairly serious security problem in >>that the system catalogs are open to the public. I don't seem to be >>winning many supporters on this particular point though. >> >> > >No, you're not, and it's not like we've never heard this argument >before. > >Just upthread there were several complaints about the information_schema >being too restrictive to be useful --- I think we'd get a whole lot more >of that if we tried to prevent direct examination of the catalogs. > > > > There is a case for a facility to "harden" postgres. My experiments some time ago show you can pretty much hide everything without breaking anything badly if you're careful. I have it on my personal TODO list to complete a hardening script - although I have no idea when I'll get to it. cheers andrew