[postgis-users] Securing postgis

Karl O. Pinc kop at meme.com
Wed Mar 2 08:56:51 PST 2011

On 03/02/2011 10:42:17 AM, Mark Cave-Ayland wrote:
> On 02/03/11 16:30, Karl O. Pinc wrote:

> > I'm unfamiliar with geography_columns.  What is the security
> > model?  Can anyone do anything like with geography_columns?
> >
> > If it's a view then would it be possible to put triggers
> > on the underlying tables?  Where would I look in the code?

> It's still under discussion, but the view is generated automatically
> by 
> querying the system catalogues to pull out the spatial columns (i.e.
> it 
> can't be altered, but users will be able to see other users' spatial 
> columns in there).

If you wanted I suppose you could have such a view check permissions
and thereby avoid revealing such information to unauthorized users.
Just a thought.

> This means that AddGeographyColumn() and DropGeometryColumn() can 
> just
> add/remove the column from the table directly, so this can only 
> happen
> on tables for which the current role has SQL permissions.

I get it now.  They're "real" data types.

Great.  That's really what I want.

Thanks for all the help.  If I decide to go ahead and write
some triggers I'll post the results to the wiki.  Seeing as
how there's plans in the works to address the problem I probably
won't do anything at all unless a problem arises at my end.

Karl <kop at meme.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

More information about the postgis-users mailing list