Re: Largeobject Access Controls (r2460)
Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>
From: Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>
To: KaiGai Kohei <kaigai@ak.jp.nec.com>
Cc: Jaime Casanova <jcasanov@systemguards.com.ec>, Greg Smith <greg@2ndquadrant.com>, pgsql-hackers@postgresql.org
Date: 2009-12-11T01:16:56Z
Lists: pgsql-hackers
KaiGai Kohei <kaigai@ak.jp.nec.com> wrote:
> > we still allow "SELECT * FROM pg_largeobject" ...right?
>
> It can be solved with revoking any privileges from anybody in the initdb
> phase. So, we should inject the following statement for setup_privileges().
>
> REVOKE ALL ON pg_largeobject FROM PUBLIC;
OK, I'll add the following description in the documentation of pg_largeobject.
<structname>pg_largeobject</structname> should not be readable by the
public, since the catalog contains data in large objects of all users.
<structname>pg_largeobject_metadata</> is a publicly readable catalog
that only contains identifiers of large objects.
> {"lo_compat_privileges", PGC_SUSET, COMPAT_OPTIONS_PREVIOUS,
> gettext_noop("Turn on/off privilege checks on large objects."),
The description is true, but gives a confusion because
"lo_compat_privileges = on" means "privilege checks are turned off".
short desc: Enables backward compatibility in privilege checks on large objects
long desc: When turned on, privilege checks on large objects are disabled.
Are those descriptions appropriate?
Regards,
---
Takahiro Itagaki
NTT Open Source Software Center