Re: sepgsql contrib module

2011/1/19 KaiGai Kohei <kaigai@ak.jp.nec.com>:
>>  And how about adding a
>> ProcessUtility_hook to trap evil non-DML statements that some
>> nefarious user might issues?
>>
> It seems to me reasonable as long as the number of controlled command
> are limited. For example, LOAD command may be a candidate being
> controlled without exceptions.
> However, it will be a tough work, if the plug-in tries to parse and
> analyze supplied utility commands by itself.

I think the key is to either accept or reject the command based on
very simple criteria - decide based only on the command type, and
ignore its parameters.

> I uploaded my draft here.
>  http://wiki.postgresql.org/wiki/SEPostgreSQL_Documentation
>
> If reasonable, I'll move them into *.sgml style.

I have yet to review that, but will try to get to it before too much
more time goes by.

> I may want to simplify the step to installation using an installer
> script.

OK, but let's get this nailed down as soon as possible.  Tempus fugit.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company