Re: Restrict permissions on schema to hide pl/pgsql code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

You can consider this email to have accomplished both.  Lacking someone saying they they are working on it and pointing you to a patch you can safely operate under the assumption that this behavior isn’t going to change.  I suppose its possible with the recent row-level security feature that a fresh look leveraging that facility could be considered but AFAIK that hasn’t and isn’t being done.

There is the commitfest website but otherwise plans and complaint raising are pretty informal here.  Though typically the -general list is a better choice for inquiries of this nature.

David J.

On Wednesday, July 24, 2019, Swanand Kshirsagar <swanandon@xxxxxxxxx> wrote:
Yes, that's the reason why I tried revoking permissions from pg_catalog.pg_proc table.

What's the right way to notify this OR check if there is any plan in roadmap?

On Wed, Jul 24, 2019 at 6:58 PM David G. Johnston <david.g.johnston@xxxxxxxxx> wrote:
On Wednesday, July 24, 2019, Swanand Kshirsagar <swanandon@xxxxxxxxx> wrote:
Isn't revoking permissions from a schema should take care of this situation?

The pl/pgsql function body is stored in pg_catalog which the user still has permission to read.  There isn’t a good/supported way to work around this behavior.

David J.


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux