Thread: Re: Incorrect comment on pg_shadow view

Re: Incorrect comment on pg_shadow view

From

Daniel Gustafsson

Date:

18 October 2024, 15:09:43

> On 18 Oct 2024, at 13:50, Antonin Houska <ah@cybertec.at> wrote:

> Attached is a proposal to fix a comment in pg_authid.h. pg_shadow is not (and
> obviously should not be) accessible by public:

- *      pg_shadow and pg_group are now publicly accessible views on pg_authid.
+ *      pg_shadow and pg_group are now views on pg_authid.

I'm no native speaker but I don't interpret "publicly accessible" as readable
by the public role, rather that they are accessible via a user interface (in
this case SQL).

--
Daniel Gustafsson

Re: Incorrect comment on pg_shadow view

From

Tom Lane

Date:

18 October 2024, 17:22:32

Daniel Gustafsson <daniel@yesql.se> writes:
>> On 18 Oct 2024, at 13:50, Antonin Houska <ah@cybertec.at> wrote:
>> Attached is a proposal to fix a comment in pg_authid.h. pg_shadow is not (and
>> obviously should not be) accessible by public:

> - *      pg_shadow and pg_group are now publicly accessible views on pg_authid.
> + *      pg_shadow and pg_group are now views on pg_authid.

> I'm no native speaker but I don't interpret "publicly accessible" as readable
> by the public role, rather that they are accessible via a user interface (in
> this case SQL).

I think Antonin is right.  pg_authid is just as accessible from SQL as
these views are.  Also note the phrasing in the SGML documentation of
pg_shadow [1]:

    The name stems from the fact that this table should not be
    readable by the public since it contains passwords. pg_user is a
    publicly readable view on pg_shadow that blanks out the password
    field.

            regards, tom lane

[1] https://www.postgresql.org/docs/devel/view-pg-shadow.html