Re: Catalog Security WAS: Views, views, views: Summary of Arguments
From | Andrew - Supernews |
---|---|
Subject | Re: Catalog Security WAS: Views, views, views: Summary of Arguments |
Date | |
Msg-id | slrnd89q80.129j.andrew+nonews@trinity.supernews.net |
In response to | Re: Views, views, views: Summary of Arguments ("Merlin Moncure" <merlin.moncure@rcsonline.com>) |
Responses | Re: Catalog Security WAS: Views, views, views: Summary |
List | pgsql-hackers |

On 2005-05-13, Josh Berkus <josh@agliodbs.com> wrote:
> Andrew,
>> It might be safer, but that doesn't hit my target at all. I am aiming at
>> a zero-knowledge user, i.e. one who cannot discover anything at all
>> about the db. The idea is that even if subvert can subvert a client and
>> get access to the db the amount of metadata they can discover is as
>> close to zero as possible.
>
> Yeah, I can see that. I've personally had this concern about our PG
> installation on the web server, and as you know about pgFoundry as well,
> especially since GForge does not use good user security.
>
> However, I see 2 separate cases here:
>
> 1) The "ISP" case, where you want to hide all catalog information from the
> users except the database owner or superuser.

I don't believe this is ever feasible in practice, since client interfaces
at any level higher than libpq will need to access metadata corresponding
to the data they are retrieving.

--
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services