Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sojWq-00DQpd-6V
	for pgsql-general@arkaria.postgresql.org; Thu, 12 Sep 2024 13:06:33 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sojWp-007cgw-Dh
	for pgsql-general@arkaria.postgresql.org; Thu, 12 Sep 2024 13:06:31 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <htamfids@gmail.com>)
	id 1sojWp-007cet-1m
	for pgsql-general@lists.postgresql.org; Thu, 12 Sep 2024 13:06:31 +0000
Received: from mail-lj1-x233.google.com ([2a00:1450:4864:20::233])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <htamfids@gmail.com>)
	id 1sojWl-000o42-6m
	for pgsql-general@lists.postgresql.org; Thu, 12 Sep 2024 13:06:29 +0000
Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2f75d044201so9547331fa.0
        for <pgsql-general@lists.postgresql.org>; Thu, 12 Sep 2024 06:06:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1726146386; x=1726751186; darn=lists.postgresql.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=Dm8zSSBe7UyvFcOBN1Mdt3AzGAvC3edEyFUQGxAeX/c=;
        b=OTyJXALTwHCUNfTN8sicutBUC85Feg6jOAT/TDfMhC5Sv8SsdYiajZ1iLzLhBU4868
         alpEZU4Veb/d0/cnRr25quaTV8bCS/GOyIiH3sKl9VTt6TX5zODSbikJziq3lDRKY56l
         NdG7vqpaV7ABR4Fupv0EK1LKIfUE9Z4KirLa9NCkaXkP4cpbfV3VI8qgoDsFzci05tu8
         rd8P+y6nG6qOIK9ql24eWjsyzOMK0ipVIlzDw/6feQHcggwR66VitJ4BfZ9IZRYZgnHQ
         mFndiU4mrHr2UlR3T7PTAi+/aCMEg7CYKPj28YKWTIBkUt5r8jZ3/eS93fuMUw68v3iN
         39HQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1726146386; x=1726751186;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Dm8zSSBe7UyvFcOBN1Mdt3AzGAvC3edEyFUQGxAeX/c=;
        b=Io6HKJtlVjqwML29QZ6QESxKjFvcnh/4LRgWybCfyWDAI+ZWAx3xSQtVIT7eZjy4x6
         V+L8IDA/rSm2Ah/ULBhTTNVuDX1nCH68ef39Ha2jDRa0m3XJYFRBv0igIadJzFtnEt6g
         XiG7DLtAO4H5ICCfeZlvgqGJLmOMMr9gP8Tkrj+rjYuaQ59geMUSgLfIhJv+W8K/E57B
         E3tgyCC9sHws89941oj0K6+mh9QZLWteOroa0uNNUt35d1wfwuKm4YgdDEuioDVyy1Rk
         BUY8wVY5clapY1hMpBrYTzeYmJeMwAya7RztjJ/3IrCTeJgYd8x9d7/FIwCbUsw5XaOe
         ATWQ==
X-Forwarded-Encrypted: i=1; AJvYcCWBc1bIbHVpGipPL4ICO2+eV7W23wEPeRRP+mGU6H556CaPbI7nRwd8UNkW/acccl0mQUeLZ1FFQmKN3Cne@lists.postgresql.org
X-Gm-Message-State: AOJu0YzOzLWphjt2KVRFb+IbkPWr/NUdR9BWp34J+qtZDn0QgMZg5dvJ
	kbu3YAUXIIN1zz7aKUNnozhxjLg5BrTAzimLyC3Jyunq5qpo/MOgIdl8ApCOC4L3GfivPspmK7e
	rgyCEs9kFsBO43ddnyytqDkI7fnj2JzkU
X-Google-Smtp-Source: AGHT+IGLc8SdNQF3p/usAmUbdVzaELgAzL5LqHQyrvMgaf4S+zCRma+grw/fuzpaS8GmosFmjKMqqvJs24DAVTil7Tw=
X-Received: by 2002:a05:651c:1a0a:b0:2ef:21a6:7c82 with SMTP id
 38308e7fff4ca-2f7726fb55dmr28325991fa.20.1726146384673; Thu, 12 Sep 2024
 06:06:24 -0700 (PDT)
MIME-Version: 1.0
References: <VisenaEmail.0.81936c517b2d9cfe.191e44de951@origo-test01.app.internal.visena.net>
 <3952715.1726115805@sss.pgh.pa.us> <VisenaEmail.1.4f10ceb0099d6ab1.191e48a6946@origo-test01.app.internal.visena.net>
In-Reply-To: <VisenaEmail.1.4f10ceb0099d6ab1.191e48a6946@origo-test01.app.internal.visena.net>
From: Greg Sabino Mullane <htamfids@gmail.com>
Date: Thu, 12 Sep 2024 09:05:48 -0400
Message-ID: <CAKAnmm+SrS1=ggcc9qCAXd=uzJWzwH_CciM+aRr-PtDZjrEuRA@mail.gmail.com>
Subject: Re: Effects of REVOKE SELECT ON ALL TABLES IN SCHEMA pg_catalog FROM PUBLIC
To: Andreas Joseph Krogh <andreas@visena.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-general@lists.postgresql.org
Content-Type: multipart/alternative; boundary="00000000000016c4be0621ebc695"
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAKAnmm%2BSrS1%3Dggcc9qCAXd%3DuzJWzwH_CciM%2BaRr-PtDZjrEuRA%40mail.gmail.com>
Precedence: bulk

--00000000000016c4be0621ebc695
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 12, 2024 at 12:52=E2=80=AFAM Andreas Joseph Krogh <andreas@vise=
na.com>
wrote:

> I know PG is not designed for this, but I have this requirement
> nonetheless=E2=80=A6
> I think preventing =E2=80=9Cmost users and tools" from seeing/presenting =
this
> information is =E2=80=9Cgood enough=E2=80=9D.
>

As pointed out, there are very many workarounds. This is security theater.

If read-access (SELECT) on views in public-schema will still works, and
> pg_dump/restore etc. also works, this sounds like a solution to me.
>

pg_dump will absolutely not work without access to the system catalogs.

If you want to prevent information, stop direct access and make the
application call user functions.

(Also note that determining if a database or user exists does not even
require a successful login to the cluster.)

Cheers,
Greg

--00000000000016c4be0621ebc695
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Thu, Sep 12, 2024 at 12:52=E2=80=AFAM =
Andreas Joseph Krogh &lt;<a href=3D"mailto:andreas@visena.com">andreas@vise=
na.com</a>&gt; wrote:</div><div class=3D"gmail_quote"><blockquote class=3D"=
gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(20=
4,204,204);padding-left:1ex"><div>I know PG is not designed for this, but I=
 have this requirement nonetheless=E2=80=A6</div><div>I think preventing =
=E2=80=9Cmost users and tools&quot; from seeing/presenting this information=
 is =E2=80=9Cgood enough=E2=80=9D.<br></div><div></div></blockquote><div><b=
r></div><div>As pointed out, there are very many workarounds. This is secur=
ity theater.</div><div><br></div><blockquote class=3D"gmail_quote" style=3D=
"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-le=
ft:1ex"><div>If read-access (SELECT) on views in <code>public</code>-schema=
 will still works, and pg_dump/restore etc. also works, this sounds like a =
solution to me.</div></blockquote><div><br></div><div>pg_dump will absolute=
ly not work without access to the system catalogs.</div><div><br></div><div=
>If you want to prevent information, stop direct access and make the applic=
ation call user functions.</div><div><br></div><div>(Also note that determi=
ning if a database or user exists does not even require a successful login =
to the cluster.)</div><div><br></div><div>Cheers,</div><div>Greg</div><div>=
<br></div></div></div>

--00000000000016c4be0621ebc695--