Re: Views, views, views: Summary of Arguments
From | Andrew Dunstan |
---|---|
Subject | Re: Views, views, views: Summary of Arguments |
Date | |
Msg-id | 4284DCB1.5060407@dunslane.net |
In response to | Re: Views, views, views: Summary of Arguments (Josh Berkus <josh@agliodbs.com>) |
Responses | Re: Views, views, views: Summary of Arguments |
List | pgsql-hackers |
Josh Berkus wrote:

> Andrew, Merlin,
>
>> My approach was to remove all significant permissions (including on the
>> catalog) from public and regrant them to a pseudopublic group,
>> comprising designated users. The designated users would notice no
>> difference at all, while everyone else would be able to see only what
>> was explicitly granted to them. But there would be lots of testing and
>> thinking to be done before releasing it into the wild :-)
>
> <plug>Doesn't it seem like a really complete set of system views (based on
> information_schema or otherwise) would potentially allow securing the
> pg_catalog?</plug>

Not really, no. It would just be one more thing that my hardening script had to remove permissions from.

I still have an open mind about the sysviews project, but the more oversold, hyped and promoted with bogus arguments it gets the more skeptical I become.

cheers

andrew
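A sketch of the revoke-and-regrant approach described in the quoted text, added here as an illustration; it is not the hardening script mentioned in the message. It assumes a PostgreSQL version with roles, a superuser session on a test database, and the hypothetical role names `pseudopublic` and `designated_user`. It covers only table-level SELECT on catalog relations, not function EXECUTE or column-level grants.

```sql
-- Added example: role names are hypothetical; run as superuser on a test database.
BEGIN;

-- Group that stands in for PUBLIC for the designated users.
CREATE ROLE pseudopublic NOLOGIN;
CREATE ROLE designated_user LOGIN;        -- hypothetical designated user
GRANT pseudopublic TO designated_user;    -- members inherit the group's grants

-- Move each SELECT privilege that PUBLIC holds on a catalog relation to the
-- group. Only relations PUBLIC can already read are touched, so the group
-- never gains access to anything PUBLIC could not see before.
DO $$
DECLARE
    rel regclass;
BEGIN
    FOR rel IN
        SELECT c.oid::regclass
        FROM pg_class c
        JOIN pg_namespace n ON n.oid = c.relnamespace
        WHERE n.nspname IN ('pg_catalog', 'information_schema')
          AND c.relkind IN ('r', 'v')
          AND has_table_privilege('public', c.oid, 'SELECT')
    LOOP
        EXECUTE format('GRANT SELECT ON %s TO pseudopublic', rel);
        EXECUTE format('REVOKE SELECT ON %s FROM PUBLIC', rel);
    END LOOP;
END
$$;

-- Same treatment for the default privileges on the public schema.
GRANT USAGE ON SCHEMA public TO pseudopublic;
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- Relations PUBLIC can still read; anything listed needs a closer look.
SELECT c.oid::regclass AS still_public
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname IN ('pg_catalog', 'information_schema')
  AND c.relkind IN ('r', 'v')
  AND has_table_privilege('public', c.oid, 'SELECT');

-- Roll back while testing client behaviour; switch to COMMIT once verified.
ROLLBACK;
```

Any view added to the catalog later arrives with its own grants to PUBLIC, so a script like this has to be re-run after such a view is installed.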