Re: Isn't pg_statistic a security hole?

> > I doubt it is worth letting non-super users see values in that table. 
> > Their only value is in debugging the optimizer, which seems like a
> > super-user job anyway.
> 
> Well, mumble.  I routinely ask people who're complaining of bad plans
> for extracts from their pg_statistic table.  I don't foresee that need
> vanishing any time soon :-(.  The idea of a view seemed nice, in part
> because it could be set up to give all the useful info with a simple
> 
>     select * from pg_statview where relname = 'foo';
> 
> rather than the messy three-way join you have to type now.

Sounds fine, but aren't most people who we ask for stats superusers?

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026