Re: Application name patch - v2
| От | Stephen Frost |
|---|---|
| Тема | Re: Application name patch - v2 |
| Дата | |
| Msg-id | 20091019152702.GK17756@tamriel.snowman.net обсуждение исходный текст |
| Ответ на | Re: Application name patch - v2 (Pavel Stehule <pavel.stehule@gmail.com>) |
| Ответы |
Re: Application name patch - v2
|
| Список | pgsql-hackers |
* Pavel Stehule (pavel.stehule@gmail.com) wrote: > 2009/10/19 Stephen Frost <sfrost@snowman.net>: > > * Pavel Stehule (pavel.stehule@gmail.com) wrote: > >> Superuser permission could not be a problem. Simple security definer > >> function can do it. > > > > Then you've defeated the point of making it superuser-only. > > no. Because when I write security definer function, then I explicitly > allow an writing for some roles. When I don't write this function, > then GUC is secure. And what happens when those 'some roles' are used by broken applications? You don't get to say "make it superuser only" and then turn around and tell people to hack around the fact that it's superuser only to be able to use it. That's not a solution. Stephen
В списке pgsql-hackers по дате отправления: