| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Privileges and inheritance |
| Date: | 2009-10-04 19:57:30 |
| Message-ID: | 1254686250.13655.7.camel@vanquo.pezone.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, 2009-10-04 at 11:56 -0700, Josh Berkus wrote:
> Except ... I can imagine a multi-tenant setup where certain ROLEs only
> have permissions on some child relations, but not others. So we'd want
> to still enable a permissions check on a child when the child is called
> directly rather than through the parent.
Well, when you access the child, it doesn't care whether it has a
parent. So this is equivalent to checking permissions before accessing
a table, period. I think we'll keep that. ;-)
> And we'd want to hammer this to death looking for ways it can be a
> security exploit. Like, could you make a table into the parent of an
> existing table you didn't have permissions on?
I don't think so, but you're free to hammer. ;-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2009-10-04 20:07:40 | Re: Rules: A Modest Proposal |
| Previous Message | David Fetter | 2009-10-04 19:34:08 | Re: Rules: A Modest Proposal |