Re: untrusted languages and non-global superusers?

--- Tom Lane <tgl@sss.pgh.pa.us> wrote:

> CSN <cool_screen_name90001@yahoo.com> writes:
> > I'm using plphpu and I'd like to allow the regular
> > database user to use it, but since it's
> "untrusted" it
> > requires users to be superusers. If I have to do
> this,
> > I don't want the user to be a superuser for all
> > databases. Is it possible to grant superuser
> status to
> > a user for a specific database?
>
> Exactly how would you prevent him from converting
> that into global
> access?  Especially if you're going to give him use
> of an untrusted
> language?  He could easily rewrite any configuration
> file you might
> think is going to lock him out of your other
> databases.

You lost me - how is any of that possible?

>
> > (The function uses mail(), so IIRC that
> necessitates
> > using plphpu).
>
> Sending mail from a database function (or doing
> anything else that
> involves external side-effects) is generally A Bad
> Idea, for reasons
> that have been covered many times in the list
> archives.

Why, exactly? In this situation I just set up a
trigger that sends a welcome email to newly inserted
members. Very convenient.

CSN



____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs