| Lists: | pgsql-hackers |
|---|
| From: | "Shaunak Godbole" <shaunak(dot)godbole(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | In which module does query rewriting takes place |
| Date: | 2006-10-02 14:30:59 |
| Message-ID: | c51e33740610020730q62dd40dcxf3f0a4f0f316d2a1@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Hi,
We are trying to introduce access control. For this we have to rewrite the
input query by replacing each relation by its corresponding authorized view.
Which part of the code should we modify for this.
Till now we have thought of the following:
1. We take as input the parse tree generated by the parser.
2. We implement a "new" module which rewrites the parse tree into the format
we want.
3. We feed this new parse tree into the optimizer.
Does a module exist which rewrites the parse tree generated. We saw that
there exist some rewrite module in /src/backend/rewrite. Is that the correct
module to make changes to!
Thanks
Shaunak
--
It is not the aptitude but the attitude that decides a persons altitude
Shaunak Godbole
Senior Undergraduate
Computer Science Dept.
IIT Powai, Mumbai 400076
Ph no: 9819841537
| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Shaunak Godbole <shaunak(dot)godbole(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: In which module does query rewriting takes place |
| Date: | 2006-10-02 14:38:47 |
| Message-ID: | 45212477.4080504@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Shaunak Godbole wrote:
> Hi,
>
> We are trying to introduce access control. For this we have to rewrite
> the input query by replacing each relation by its corresponding
> authorized view.
This sounds like a pretty ugly hack. There are already extensive access
controls available in postgres. What is there about the existing access
controls that does not do what you want?
cheers
andrew
| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Shaunak Godbole <shaunak(dot)godbole(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: In which module does query rewriting takes place |
| Date: | 2006-10-02 14:49:14 |
| Message-ID: | 10532.1159800554@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Shaunak Godbole wrote:
>> We are trying to introduce access control.
> This sounds like a pretty ugly hack.
Perhaps more to the point, it's already been done:
http://veil.projects.postgresql.org/
regards, tom lane
| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Shaunak Godbole <shaunak(dot)godbole(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: In which module does query rewriting takes place |
| Date: | 2006-10-02 15:03:38 |
| Message-ID: | 45212A4A.6060402@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
>
>> Shaunak Godbole wrote:
>>
>>> We are trying to introduce access control.
>>>
>
>
>> This sounds like a pretty ugly hack.
>>
>
> Perhaps more to the point, it's already been done:
> http://veil.projects.postgresql.org/
>
>
>
Ah, the missing piece is that case is "row level".
cheers
andrew