Re: Largeobject Access Controls (r2460)

KaiGai Kohei <kaigai@ak.jp.nec.com> wrote:

> > we still allow "SELECT * FROM pg_largeobject" ...right?
> 
> It can be solved with revoking any privileges from anybody in the initdb
> phase. So, we should inject the following statement for setup_privileges().
> 
>   REVOKE ALL ON pg_largeobject FROM PUBLIC;

OK, I'll add the following description in the documentation of pg_largeobject.
  <structname>pg_largeobject</structname> should not be readable by the  public, since the catalog contains data in
largeobjects of all users.  <structname>pg_largeobject_metadata</> is a publicly readable catalog  that only contains
identifiersof large objects.
 

> {"lo_compat_privileges", PGC_SUSET, COMPAT_OPTIONS_PREVIOUS,
>     gettext_noop("Turn on/off privilege checks on large objects."),

The description is true, but gives a confusion because
"lo_compat_privileges = on" means "privilege checks are turned off".
 short desc: Enables backward compatibility in privilege checks on large objects long desc: When turned on, privilege
checkson large objects are disabled.
 

Are those descriptions appropriate?

Regards,
---
Takahiro Itagaki
NTT Open Source Software Center