custom variable classes

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: custom variable classes
Date: 2006-11-28 18:17:18
Message-ID: 456C7D2E.7020405@dunslane.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers


One thing I want to look at for 8.3 is improving custom variable
classes. Right now these are all user settable, which makes them quite
inappropriate for security related settings (such as which perl modules
to load for use by trusted plperl). I'm wondering if we should perhaps
allow something like:

custom_variable_classes = 'foo'
foo:<security_level>.bar = 'blurfl'

and providing some mechanism whereby we could ascertain that the value
comes from a permitted source.

I know I am not the only person who has noticed that we are a bit
lacking in this area.

As far as plperl goes, I guess I could instead use a db table to store a
set of module names for plperl to load, but then I would have to do some
fairly comprehensive permission tests.

Another possibility would be to provide somewhere in the catalog to
store such info. per db might be nicer, though.

Thoughts?

cheers

andrew

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Markus Schiltknecht 2006-11-28 18:18:33 Re: Integrating Replication into Core
Previous Message Tom Lane 2006-11-28 18:02:50 Re: Double entries in log for page slots in beta3