public inbox for [email protected]
help / color / mirror / Atom feedRe: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC
3+ messages / 3 participants
[nested] [flat]
* Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC
@ 2024-09-12 13:58 Greg Sabino Mullane <[email protected]>
2024-09-12 14:10 ` Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC Christophe Pettus <[email protected]>
0 siblings, 1 reply; 3+ messages in thread
From: Greg Sabino Mullane @ 2024-09-12 13:58 UTC (permalink / raw)
To: Andreas Joseph Krogh <[email protected]>; +Cc: Tom Lane <[email protected]>; [email protected]
On Thu, Sep 12, 2024 at 9:21 AM Andreas Joseph Krogh <[email protected]>
wrote:
> Yes, it *is* theater, but that doesn't prevent “compliance people” to
> care about it. We have to take measures to prevent “information leaks”.
>
*shrug* Then the compliance people are not good at their jobs, frankly.
But if it works for you, go ahead. As Tom said, it will work 95% of the
time. But it will break things that should work, and it will not prevent
the ability to get the information in other ways. To be clear, we never
recommend messing with the system catalogs, and this falls under the
umbrella of messing with the system catalogs.
Cheers,
Greg
^ permalink raw reply [nested|flat] 3+ messages in thread
* Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC
2024-09-12 13:58 Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC Greg Sabino Mullane <[email protected]>
@ 2024-09-12 14:10 ` Christophe Pettus <[email protected]>
2024-09-12 14:13 ` Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC Andreas Joseph Krogh <[email protected]>
0 siblings, 1 reply; 3+ messages in thread
From: Christophe Pettus @ 2024-09-12 14:10 UTC (permalink / raw)
To: Andreas Joseph Krogh <[email protected]>; +Cc: Tom Lane <[email protected]>; pgsql-general <[email protected]>; Greg Sabino Mullane <[email protected]>
> On Sep 12, 2024, at 06:58, Greg Sabino Mullane <[email protected]> wrote:
>
> But if it works for you, go ahead. As Tom said, it will work 95% of the time. But it will break things that should work, and it will not prevent the ability to get the information in other ways. To be clear, we never recommend messing with the system catalogs, and this falls under the umbrella of messing with the system catalogs.
I can only echo that if the compliance people are taking a position that "you need to make an unsupported, ad-hoc modification to the database software's authentication system in order to meet this requirement," then the requirement is one that you should run, not walk, to get a waiver to, as that's a very unreasonable position for them to take.
^ permalink raw reply [nested|flat] 3+ messages in thread
* Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC
2024-09-12 13:58 Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC Greg Sabino Mullane <[email protected]>
2024-09-12 14:10 ` Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC Christophe Pettus <[email protected]>
@ 2024-09-12 14:13 ` Andreas Joseph Krogh <[email protected]>
0 siblings, 0 replies; 3+ messages in thread
From: Andreas Joseph Krogh @ 2024-09-12 14:13 UTC (permalink / raw)
To: Christophe Pettus <[email protected]>; +Cc: Tom Lane <[email protected]>; pgsql-general <[email protected]>; Greg Sabino Mullane <[email protected]>
På torsdag 12. september 2024 kl. 16:10:26, skrev Christophe Pettus <
[email protected] <mailto:[email protected]>>:
> On Sep 12, 2024, at 06:58, Greg Sabino Mullane <[email protected]> wrote:
>
> But if it works for you, go ahead. As Tom said, it will work 95% of the
time. But it will break things that should work, and it will not prevent the
ability to get the information in other ways. To be clear, we never recommend
messing with the system catalogs, and this falls under the umbrella of messing
with the system catalogs.
I can only echo that if the compliance people are taking a position that "you
need to make an unsupported, ad-hoc modification to the database software's
authentication system in order to meet this requirement," then the requirement
is one that you should run, not walk, to get a waiver to, as that's a very
unreasonable position for them to take.
We're probably going down the postgres_fdw route, that seems to do the job.
--
Andreas Joseph Krogh
CTO / Partner - Visena AS
Mobile: +47 909 56 963
[email protected] <mailto:[email protected]>
www.visena.com <https://www.visena.com;
<https://www.visena.com;
^ permalink raw reply [nested|flat] 3+ messages in thread
end of thread, other threads:[~2024-09-12 14:13 UTC | newest]
Thread overview: 3+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2024-09-12 13:58 Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC Greg Sabino Mullane <[email protected]>
2024-09-12 14:10 ` Christophe Pettus <[email protected]>
2024-09-12 14:13 ` Andreas Joseph Krogh <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox