Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vJiNo-00HIap-2s for pgsql-hackers@arkaria.postgresql.org; Fri, 14 Nov 2025 01:13:48 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vJiNm-003m7p-1N for pgsql-hackers@arkaria.postgresql.org; Fri, 14 Nov 2025 01:13:46 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vJiNl-003m7h-2O for pgsql-hackers@lists.postgresql.org; Fri, 14 Nov 2025 01:13:46 +0000 Received: from mail-m16.yeah.net ([220.197.32.16]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vJiNe-00712I-2u for pgsql-hackers@postgresql.org; Fri, 14 Nov 2025 01:13:43 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yeah.net; s=s110527; h=Message-ID:Date:MIME-Version:From:Subject:To: Content-Type; bh=XRW0xU3LRWZ3CotLUrvgwlTT5YiVjHNqDIx7KjcYhXQ=; b=HFYk8HZDsJgihMtHi7fuMYtpoowWNJ4UK9P4bCPjDc3afPxyV9jQ0dJvpl1Aa3 INEGj9V1uogk7W62OTkjApaWolLJHhXaXGAT2X5acu5YBaz17VFlnBUsYoeWIFqD veNIAW/zWF02La1bVneY+hizcDgbDm8XuJBYAMLgvma5E= Received: from [192.168.10.60] (unknown []) by gzsmtp3 (Coremail) with SMTP id M88vCgD3X7Q7ghZp0i_xAQ--.34007S2; Fri, 14 Nov 2025 09:13:31 +0800 (CST) Message-ID: <001adbbd-8a33-4992-a5db-f2623ca4d8ca@yeah.net> Date: Fri, 14 Nov 2025 09:13:30 +0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Quan Zongliang Subject: Re: [PATCH] Add pg_get_database_ddl() function to reconstruct CREATE DATABASE statement To: pgsql-hackers References: <202511131220.vxws67smjbvn@alvherre.pgsql> Content-Language: en-US In-Reply-To: <202511131220.vxws67smjbvn@alvherre.pgsql> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-CM-TRANSID: M88vCgD3X7Q7ghZp0i_xAQ--.34007S2 X-Coremail-Antispam: 1Uf129KBjvJXoW7KFy5Zw1fCFy8Gr13JrWxXrb_yoW8Xw1fpr W3XayavrnrAry7CF4xtw4xKa48tFs5ur4FgF48G3yUZ3W5uay0gr4rtr40va45Xr9xZ3WY vF4agr9Fv3WDA37anT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07UBpBfUUUUU= X-Originating-IP: [111.167.159.4] X-CM-SenderInfo: htxd06xrqjzxxdqjq5hhdkh0dhw/1tbiNRuOsmkWgjt-RwAA3s List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 11/13/25 8:28 PM, Álvaro Herrera wrote: >> But what about the following scenario? If there is no permission to access >> pg_database. Shouldn't the DDL be returned? >> >> postgres=> SELECT * FROM pg_database; >> ERROR: permission denied for table pg_database >> postgres=> SELECT pg_get_database_ddl('testdb'); > > Hmm, what scenario is this? Did you purposefully REVOKE the SELECT > privileges from pg_database somehow? > Yes. I revoked the access permission using the REVOKE command. The pg_get_xxx_ddl function is actually revealing system information to the users. This is equivalent to accessing the corresponding system table. So I think we should consider this issue. The access permission to the system tables has been revoked. This user is unable to directly view the contents of the system tables from the client side via SQL. However, it is still possible to obtain the object definitions (which was previously inaccessible) through pg_get_xxx_ddl. This is more like a security flaw. A more specific example. Originally, it was impossible to obtain the definition of "testdb" by accessing pg_database: postgres=> SELECT * FROM pg_database WHERE datname='testdb'; ERROR: permission denied for table pg_database And after having this function. However, users can view these in another format. postgres=> SELECT pg_get_database_ddl('testdb'); ------------- ... CREATE DATABASE testdb WITH OWNER = quanzl ENCODING = "UTF8" ... Perhaps it's just that I'm overthinking things. What do you think about it?