Tom Lane wrote:
Joseph S <jks@xxxxxxxxxxxxxxx> writes:
Tom Lane committed:
- Restrict pg_relation_size to relation owner, pg_database_size to DB
owner, and pg_tablespace_size to superusers. Perhaps we could
weaken the first case to just require SELECT privilege, but that
doesn't work for the other cases, so use ownership as the common
concept.
Is there going to be a way to turn this off easily?
No. If you want to make an argument for weaker restrictions than these,
argue away, but security restrictions that can be "easily turned off"
are no security at all.
I don't see how letting the size of a database or relation is a big
security risk. I do see how forcing me to login as the superuser to see
my db stats creates more of a security risk.
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
