Daniel Gustafsson <daniel@yesql.se> writes:
>> On 18 Oct 2024, at 13:50, Antonin Houska <ah@cybertec.at> wrote:
>> Attached is a proposal to fix a comment in pg_authid.h. pg_shadow is not (and
>> obviously should not be) accessible by public:
> - * pg_shadow and pg_group are now publicly accessible views on pg_authid.
> + * pg_shadow and pg_group are now views on pg_authid.
> I'm no native speaker but I don't interpret "publicly accessible" as readable
> by the public role, rather that they are accessible via a user interface (in
> this case SQL).
I think Antonin is right. pg_authid is just as accessible from SQL as
these views are. Also note the phrasing in the SGML documentation of
pg_shadow [1]:
The name stems from the fact that this table should not be
readable by the public since it contains passwords. pg_user is a
publicly readable view on pg_shadow that blanks out the password
field.
regards, tom lane
[1] https://www.postgresql.org/docs/devel/view-pg-shadow.html
