On Tue, Oct 5, 2010 at 2:08 PM, Greg Stark <gsst...@mit.edu> wrote: > Though I find it unlikely the sales people would have direct access to > run arbitrary SQL -- let alone create custom functions.
I have definitely seen shops where virtually everyone has SQL-level access to the database. Several of them. Most of them were pretty insecure, but it certainly doesn't help anything when the database has no capability to do anything better. Now, I will grant you that not everyone in those organizations was actually smart enough to do meaningful things with the access they had, but I never found that very comforting. > If the users that have select access on the view don't have DDL access > doesn't that make them leak-proof for those users? Depends what they can do with pre-existing, or built-in, functions. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise Postgres Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
