Matthias van de Meent <boekewurm+postg...@gmail.com> writes:
> On Thu, 29 May 2025 at 15:44, Robert Haas <robertmh...@gmail.com> wrote:
>> But so far - apart from this feature - we
>> have managed to avoid making it categorically unsafe for the superuser
>> to run "SELECT * FROM table"

> With CREATE RULE [0], a table owner can redefine what happens during
> e.g. SELECT * FROM table.

That's a view, not a table. The distinction is critical in pg_dump, and we also have restrict_nonsystem_relation_kind which can be used to prevent accidental reads from views.

It would definitely be nice to have a less hacky answer. But making ordinary tables unsafe to read absolutely is a quantum jump in insecurity; claiming otherwise is not helpful.

regards, tom lane