Re: [HACKERS] Here it is - view permissions]
| От | Zeugswetter Andreas SARZ |
|---|---|
| Тема | Re: [HACKERS] Here it is - view permissions] |
| Дата | |
| Msg-id | 219F68D65015D011A8E000006F8590C6010A51EF@sdexcsrv1.sd.spardat.at обсуждение исходный текст |
| Список | pgsql-hackers |
>> > > Why does views default to 'select' permission for 'public'? >> > > I think most people will never think of the possibility that others >> > > will be able to SELECT their data through views. >> > > Should not 'create view' at least print a NOTICE about this? >> > >> > Considering how much security we are putting around everything >> > else, is it unreasonably to have both 'create view'/'create table' default >> > to 'revoke all' to public, and 'grant all' to owner? >> >> Most commercial databases don't do this. > > Well, just checked with Wayne (My Oracle Guru) and in Oracle, >everything is private by default, and you open it up as required/desired >to other ppl... Hate to say this, but ANSI says the default has to be no rigths for public. Informix has a separate config parameter to enforce this. I use this parameter. (NODEFDAC=yes) I still think this is a non issue, since the paranoid under us (like myself on sensitive data) will always revoke all on <new table> from public; first thing after the create table just to be sure. Andreas
В списке pgsql-hackers по дате отправления: