| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
| Cc: | daveg <daveg(at)sonic(dot)net>, Dave Page <dpage(at)pgadmin(dot)org>, Dimitri Fontaine <dfontaine(at)hi-media(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Application name patch - v2 |
| Date: | 2009-10-19 15:27:02 |
| Message-ID: | 20091019152702.GK17756@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Pavel Stehule (pavel(dot)stehule(at)gmail(dot)com) wrote:
> 2009/10/19 Stephen Frost <sfrost(at)snowman(dot)net>:
> > * Pavel Stehule (pavel(dot)stehule(at)gmail(dot)com) wrote:
> >> Superuser permission could not be a problem. Simple security definer
> >> function can do it.
> >
> > Then you've defeated the point of making it superuser-only.
>
> no. Because when I write security definer function, then I explicitly
> allow an writing for some roles. When I don't write this function,
> then GUC is secure.
And what happens when those 'some roles' are used by broken
applications? You don't get to say "make it superuser only" and then
turn around and tell people to hack around the fact that it's superuser
only to be able to use it. That's not a solution.
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2009-10-19 15:34:30 | Re: COPY enhancements |
| Previous Message | Alvaro Herrera | 2009-10-19 15:21:48 | Re: COPY enhancements |