Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1nsG-000TAc-4U for pgsql-hackers@arkaria.postgresql.org; Fri, 18 Oct 2024 14:22:40 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1t1nsE-005KQ6-CH for pgsql-hackers@arkaria.postgresql.org; Fri, 18 Oct 2024 14:22:38 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1nsE-005KPe-2u for pgsql-hackers@lists.postgresql.org; Fri, 18 Oct 2024 14:22:38 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1nsB-001Xzl-US for pgsql-hackers@postgresql.org; Fri, 18 Oct 2024 14:22:37 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 49IEMWE0868679; Fri, 18 Oct 2024 10:22:32 -0400 From: Tom Lane To: Daniel Gustafsson cc: Antonin Houska , PostgreSQL Hackers Subject: Re: Incorrect comment on pg_shadow view In-reply-to: References: <31926.1729252247@antos> Comments: In-reply-to Daniel Gustafsson message dated "Fri, 18 Oct 2024 14:09:43 +0200" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <868677.1729261352.1@sss.pgh.pa.us> Content-Transfer-Encoding: quoted-printable Date: Fri, 18 Oct 2024 10:22:32 -0400 Message-ID: <868678.1729261352@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Daniel Gustafsson writes: >> On 18 Oct 2024, at 13:50, Antonin Houska wrote: >> Attached is a proposal to fix a comment in pg_authid.h. pg_shadow is no= t (and >> obviously should not be) accessible by public: > - * pg_shadow and pg_group are now publicly accessible views on pg_aut= hid. > + * pg_shadow and pg_group are now views on pg_authid. > I'm no native speaker but I don't interpret "publicly accessible" as rea= dable > by the public role, rather that they are accessible via a user interface= (in > this case SQL). I think Antonin is right. pg_authid is just as accessible from SQL as these views are. Also note the phrasing in the SGML documentation of pg_shadow [1]: The name stems from the fact that this table should not be readable by the public since it contains passwords. pg_user is a publicly readable view on pg_shadow that blanks out the password field. regards, tom lane [1] https://www.postgresql.org/docs/devel/view-pg-shadow.html