2. If somebody manages to hijack your connection, you have much worse
problems than whether they can read your system catalogs. They can at
least copy, and probably modify, your user data.
If I have restricted those permissions (i.e. access to specific schemas
only, allowing specific operations - like INSERT only on just the tables
needed for that particular db user) how would a user, who hijacked the
connection, be able to "at least copy, and probably modify user data" then?
The catalogs are
unlikely to contain anything that's very interesting to an attacker
who knows enough about your operations to hijack a connection in the
first place.
They give a comprehensive information about the entire structure of the
database - that, at least to me, is good-enough reason to restrict such
an access.
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
