On 2005-05-13, Josh Berkus <josh@agliodbs.com> wrote: > Andrew, >> It might be safer, but that doesn't hit my target at all. I am aiming at >> a zero-knowledge user, i.e. one who cannot discover anything at all >> about the db. The idea is that even if subvert can subvert a client and >> get access to the db the amount of metadata they can discover is as >> close to zero as possible. > > Yeah, I can see that. I've personally had this concern about our PG > installation on the web server, and as you know about pgFoundry as well, > especially since GForge does not use good user security. > > However, I see 2 seperate cases here: > > 1) The "ISP" case, where you want to hide all catalog information from the > users except the database owner or superuser.
I don't believe this is ever feasible in practice, since client interfaces at any level higher than libpq will need to access metadata corresponding to the data they are retrieving. -- Andrew, Supernews http://www.supernews.com - individual and corporate NNTP services ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org
