On Mon, Aug 18, 2008 at 10:38 AM, Thomas Jacob <jacob@xxxxxxxxxxxxx> wrote:
> On Mon, 2008-08-18 at 11:48 -0400, Robert Treat wrote:
>
>> Yes, I think the whole "security through obscurity" argument is a cop out to
>> get around postgresql's design choices (in this particular instance anyway,
>> in many cases it's valid).

No, it's a way of preventing the wasting of countless man hours making changes that accomplish exactly nothing in terms of SECURITY. Now, it may help with your particular business rules to have that information hidden. But if you think hiding who the other users are gives you any real measure of security, you are sorely mistaken.

> Well, improvements that make PostgreSQL better suited to separating
> databases for different users would surely help drive up
> the number of users. There are lots of people who can't
> or don't want to afford their own database server while
> still needing to have access to an SQL database.

I agree that such changes might make it easier for some shops to adopt postgresql, but I'm not sure it's a win in a cost / benefits analysis. Very few users actually need to hide user info in the system catalogs etc. from other users. For the vast majority who want it, it's not something they need, just something they'd like. I would much rather have the hackers working on code to make postgresql more performant and expanding functionality than hiding information.