| From: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | daveg <daveg(at)sonic(dot)net>, Dave Page <dpage(at)pgadmin(dot)org>, Dimitri Fontaine <dfontaine(at)hi-media(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Application name patch - v2 |
| Date: | 2009-10-19 15:09:46 |
| Message-ID: | 162867790910190809o78ed8d89y40c222e0b0e8e640@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
2009/10/19 Stephen Frost <sfrost(at)snowman(dot)net>:
> * Pavel Stehule (pavel(dot)stehule(at)gmail(dot)com) wrote:
>> Superuser permission could not be a problem. Simple security definer
>> function can do it.
>
> Then you've defeated the point of making it superuser-only.
no. Because when I write security definer function, then I explicitly
allow an writing for some roles. When I don't write this function,
then GUC is secure.
Pavel
>
> I don't think that changing the app name deserves a warning, to be
> perfectly honest. Notice should be sufficient.
>
> Thanks,
>
> Stephen
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkrceMsACgkQrzgMPqB3kihrpwCePXXJLxXIpvfHF0fMXbO6Pn94
> uJcAn2cnT97QNqeRW2coKRDZfWVKaXxz
> =xvXs
> -----END PGP SIGNATURE-----
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2009-10-19 15:21:48 | Re: COPY enhancements |
| Previous Message | Dave Page | 2009-10-19 15:02:22 | Re: Application name patch - v2 |