Magnus Hagander wrote:
> On Thu, Jul 2, 2015 at 5:40 PM, Peter Eisentraut <[email protected]> wrote:
> > Actually, I think the whole view shouldn't be accessible to unprivileged
> > users, except maybe your own row.
> >
> I could go for some of the others if we think there's reason, but I don't
> understand the dn part?
>
> I guess there's some consistency in actually blocking exactly everything...
One case that I remember popping up every so often was "I don't want
people to know what other customers I have in the same database
cluster". We leak these details all over the place (catalogs that can
be queried directly, as well as pg_stat_activity itself, etc), so just
changing the new view would accomplish nothing. If there's interest in
closing these holes, this might be a first step.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
