Re: crypting prosrc in pg_proc

Decibel! wrote:
> This is also related to the desire to be able to restrict access to the
> catalog tables. Doing so could potentially solve this problem; it 
> solves other issues (such as being able to see all the databases that
> exist on a server, something that hosting environments care about).
>   

You can hide the catalogs, albeit at the cost of some functionality. I 
did some experimentation a couple of years back with removing public 
access from the catalogs, removing information_schema and the public 
schema, etc, and it worked quite well. I set up a user who had access to 
a single schema, which only contained functions, and the user wasn't 
able (so far as I could determine) to see anything other than those 
functions - no tables, no catalogs, no databases, no users. The user was 
still able to function exactly as intended. The intended scenario was 
for a web app user, where the web server was subverted, the aim being to 
restrict the amount of information the intruder could steal.

That doesn't help with information leaking in shared hosting setups, I 
agree.

cheers

andrew