Re: revoked permissions on table still allows users to see table's structure
| От | Dinesh Bhandary |
|---|---|
| Тема | Re: revoked permissions on table still allows users to see table's structure |
| Дата | |
| Msg-id | 4E29BCE9.2010301@iii.com обсуждение исходный текст |
| Ответ на | Re: revoked permissions on table still allows users to see table's structure ("Kevin Grittner" <Kevin.Grittner@wicourts.gov>) |
| Ответы |
Re: revoked permissions on table still allows users to see table's structure
|
| Список | pgsql-admin |
We had the same problem, and we still do not have an elegant solution, we have a workaround which I really don't like. I agree with Juan - it is a limitation. I understand that you can solve this problem outside of a database, but it will be nice to have a strictly read only user who can just see data of the assigned objects and nothing else. Dinesh O-+n 7/22/2011 11:00 AM, Kevin Grittner wrote: > "Juan Cuervo (Quality Telecom)"<juanrcuervo@quality-telecom.net> > wrote: > >> Imagine you own a software development company, > > Not too hard for me. Been there, done that. > >> and decides to base the company's product on Postgresql databases. >> Such a company surely dont want to expose his database design to >> its customers, but in some time might want to provide 'select' >> access to some users, so they can pull data to external datamining >> or data analisys tools, for example. If this is not possible in >> postgresql right now, then all users with connect privilege will >> be able to see not only the table's structure, but also the stored >> procedures code, wich in many cases, stores a business logic or >> know-how. > > Imagine that the software is running on a machine under the client's > control, where they have root access to the OS. They can then > disassemble or debug through code to see how the encrypted procedure > code is turned into something the database can compile, they can > connect to the database as the superuser to view all details. The > only protection provided by what you suggest is from those too inept > to really pose a competitive threat. If you think some other > product gives you protection beyond this, it is an illusion. > > The only way to protect your schema and logic from view is to offer > "software as a service". While someone might still infer a lot > about the structure of the data and the logic of the code from > observing its displays and the procedures available to the user, you > would have some insulation. > > -Kevin >
В списке pgsql-admin по дате отправления: