Thread

  1. Re: [HACKERS] Here it is - view permissions

    Oliver Elphick <olly@lfix.co.uk> — 1998-02-23T21:53:57Z

    Bruce Momjian wrote:
      >All tables are created with default permissions for SELECT to PUBLIC, so
      >views are no different.
    
    Is this not contrary to the SQL standard?  I understood that SQL tables
    are created with permissions for their creator only; any permissions for
    other users must be granted explicitly.  According to "SQL The Standard
    Handbook" (Cannan & Otten, 1993), the owner of the schema in which a table
    is created is given a full set of privileges, and no other user can access
    the table or even discover that it exists!
    
    It certainly seems undesirable to give automatic access to data of unknown
    sensitivity.  Surely the default permission should be for the table's
    creator alone or for the owner of the PostgreSQL database (which I suppose 
    is equivalent to the `schema').
    
    I see that Jan Wieck has posted a method for preventing world readability;
    perhaps this should just be flagged as a configurable option.
    
    
    -- 
    Oliver Elphick                                Oliver.Elphick@lfix.co.uk
    Isle of Wight                              http://www.lfix.co.uk/oliver
    
    PGP key from public servers; key ID 32B8FAA1
    
    
    
    
  2. Re: [HACKERS] Here it is - view permissions

    Jan Wieck <jwieck@debis.com> — 1998-02-23T22:27:59Z

    Oliver Elphick wrote:
    >
    > Bruce Momjian wrote:
    >   >All tables are created with default permissions for SELECT to PUBLIC, =
    > so
    >   >views are no different.
    >
    > Is this not contrary to the SQL standard?  I understood that SQL tables
    > are created with permissions for their creator only; any permissions for
    > other users must be granted explicitly.  According to "SQL The Standard
    > Handbook" (Cannan & Otten, 1993), the owner of the schema in which a tabl=
    > e
    > is created is given a full set of privileges, and no other user can acces=
    > s
    > the table or even discover that it exists!
    
                                 ^^^^^^^^^^^^^^!!!
    
        Ha!
    
        The next table we must hide and create a view on :-)
    
        This time the view must check if the user has at least SELECT
        permission on the table/view and hide  rows.  More  tricky  -
        I'll try to work it out. But not doday - I'm tired and I know
        what can happen then (saying '... and make even  this  little
        thing'  at  23:00  to  reach the state of 22:59 at 04:00 :-).
        Good night to all!
    
        But a last word: There are  even  more  such  tables  as  the
        tables/views  are also reflected in pg_attributes, pg_rewrite
        and so on. Even if here only the Oid shows up.
    
        If we really want to get all this up to the highest level, we
        need  sometimes  a proacl field in pg_proc ... *Ack* - Bruce,
        *Outch* - no - not the pumpgun - *Help*
    
        :-)
    
    >
    > It certainly seems undesirable to give automatic access to data of unknow=
    > n
    > sensitivity.  Surely the default permission should be for the table's
    > creator alone or for the owner of the PostgreSQL database (which I suppos=
    > e =
    >
    > is equivalent to the `schema').
    >
    > I see that Jan Wieck has posted a method for preventing world readability=
    > ;
    > perhaps this should just be flagged as a configurable option.
    
        But configurable at compile  time  -  not  a  runtime  option
        please.
    
    
    Jan
    
    --
    
    #======================================================================#
    # It's easier to get forgiveness for being wrong than for being right. #
    # Let's break this rule - forgive me.                                  #
    #======================================== jwieck@debis.com (Jan Wieck) #
    
    
    
    
  3. Re: [HACKERS] Here it is - view permissions

    Bruce Momjian <maillist@candle.pha.pa.us> — 1998-02-23T22:35:09Z

     > 
    > Bruce Momjian wrote:
    >   >All tables are created with default permissions for SELECT to PUBLIC, so
    >   >views are no different.
    > 
    > Is this not contrary to the SQL standard?  I understood that SQL tables
    > are created with permissions for their creator only; any permissions for
    > other users must be granted explicitly.  According to "SQL The Standard
    > Handbook" (Cannan & Otten, 1993), the owner of the schema in which a table
    > is created is given a full set of privileges, and no other user can access
    
    Will be the default in 6.3, I think.
     
    > the table or even discover that it exists!
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    
    Not in 6.3, or maybe ever.  Too much OO stuff for that, I think.
    
    > 
    > It certainly seems undesirable to give automatic access to data of unknown
    > sensitivity.  Surely the default permission should be for the table's
    > creator alone or for the owner of the PostgreSQL database (which I suppose 
    > is equivalent to the `schema').
    > 
    > I see that Jan Wieck has posted a method for preventing world readability;
    > perhaps this should just be flagged as a configurable option.
    
    
    -- 
    Bruce Momjian                          |  830 Blythe Avenue
    maillist@candle.pha.pa.us              |  Drexel Hill, Pennsylvania 19026
      +  If your life is a hard drive,     |  (610) 353-9879(w)
      +  Christ can be your backup.        |  (610) 853-3000(h)
    
    
  4. Re: [HACKERS] Here it is - view permissions

    Brett McCormick <brett@work.chicken.org> — 1998-02-23T23:06:32Z

    So I've never gotten the distinction -- what makes postgreSQL an
    object oriented database, aside from the oid attribute and class
    inheritance (which could work a little better.. no way to find out the
    child class of a tuple in a select from parent_class* query).
    
    and what makes it relational?  the fact that it can do joins?
    
    in confused delerium,
    --brett
    
    On Mon, 23 February 1998, at 17:35:09, Bruce Momjian wrote:
    
    > Will be the default in 6.3, I think.
    >  
    > > the table or even discover that it exists!
    >                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    > 
    > Not in 6.3, or maybe ever.  Too much OO stuff for that, I think.
    > 
    > > 
    > > It certainly seems undesirable to give automatic access to data of unknown
    > > sensitivity.  Surely the default permission should be for the table's
    > > creator alone or for the owner of the PostgreSQL database (which I suppose 
    > > is equivalent to the `schema').
    > > 
    > > I see that Jan Wieck has posted a method for preventing world readability;
    > > perhaps this should just be flagged as a configurable option.
    > 
    > 
    > -- 
    > Bruce Momjian                          |  830 Blythe Avenue
    > maillist@candle.pha.pa.us              |  Drexel Hill, Pennsylvania 19026
    >   +  If your life is a hard drive,     |  (610) 353-9879(w)
    >   +  Christ can be your backup.        |  (610) 853-3000(h)
    
    
  5. Re: [HACKERS] Here it is - view permissions

    Thomas Lockhart <lockhart@alumni.caltech.edu> — 1998-02-24T02:37:02Z

    > So I've never gotten the distinction -- what makes postgreSQL an
    > object oriented database...
    
    It is not. It is object-relational, which is relational with some object-oriented
    features. The type/function extensibility is the most visible of these features.
    
    > and what makes it relational?  the fact that it can do joins?
    
    And allows one to use other aspects of relational algebra.
    
                                                     - Tom
    
    
    
  6. Re: [HACKERS] Here it is - view permissions

    Brett McCormick <brett@work.chicken.org> — 1998-02-24T05:00:31Z

    On Tue, 24 February 1998, at 02:37:02, Thomas G. Lockhart wrote:
    
    > > So I've never gotten the distinction -- what makes postgreSQL an
    > > object oriented database...
    > 
    > It is not. It is object-relational, which is relational with some object-oriented
    > features. The type/function extensibility is the most visible of these features.
    
    Whoops, that should have been a no-brainer (because I already knew that)
    
    > 
    > > and what makes it relational?  the fact that it can do joins?
    > 
    > And allows one to use other aspects of relational algebra.
    
    what is relational algebra?  operations on entire tuples?