Re: [HACKERS] Postgres acl (fwd)
| От | Bruce Momjian |
|---|---|
| Тема | Re: [HACKERS] Postgres acl (fwd) |
| Дата | |
| Msg-id | 199801070227.VAA08345@candle.pha.pa.us обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Postgres acl (fwd) (The Hermit Hacker <scrappy@hub.org>) |
| Список | pgsql-hackers |
> > On Wed, 7 Jan 1998, Thomas G. Lockhart wrote: > > > Are there any maintenance operations which require a "delete from pg_xxx"? If > > not, then we could just modify the parser (or the executor?) to check the table > > name and not allow insert/delete from any table whose name starts with "pg_". Had > > to ask, although I'm sure this is too easy to actually work :) > > As long as what you are suggesting doesn't break "drop database", "drop > table", "drop view"...I realize that this is obvious, but... Good point. Yes it does. dbcommands.c and user.c both do direct calls to pg_exec to pass everything into the parser, optimizer, and executor. The real fix is to do things like copy.c does, by directly calling the C routines and making the desired changes there. Or to have some global flag that says "Backend performed the rights test, let this SQL succeed." That may be cleaner. Table access rights are tested in just one function, I think. We still have the pg_user.passwd problem, and pg_user is not readable by general users. I can't think of a fix for this. -- Bruce Momjian maillist@candle.pha.pa.us
В списке pgsql-hackers по дате отправления: