Re: user-based query white list
From | Grzegorz Jaskiewicz
---|---
Subject | Re: user-based query white list
Date |
Msg-id | F0CE3C62-D0E1-4993-AC03-3108399FCAF0@pointblue.com.pl
In reply to | Re: user-based query white list (Andrew Chernow <ac@esilo.com>)
Replies | Re: user-based query white list
List | pgsql-hackers
On 2008-12-06, at 18:30, Andrew Chernow wrote:

> Grzegorz Jaskiewicz wrote:
>> On 2008-12-06, at 18:21, Andrew Chernow wrote:
>>> Looking for a way to limit a user to a specific set of queries.
>>> I don't think this can be done right now ... or can it? Has this
>>> feature request surfaced in the past?
>>>
>>> I currently need this as an extra security measure for a libpq
>>> client app (want to block arbitrary queries from malicious
>>> attackers). The easiest way I found was to add some query_string
>>> checks into backend/tcop/postgres.c for the 'Q' and 'P' commands
>>> in PostgresMain(). Seems to work just fine. If it doesn't match,
>>> I issue an ereport FATAL since that is seen as a "malicious query
>>> execution attempt".
>>>
>>> I think it is something rather simple to design/implement
>>> (probably use a table of user allowed queries, support regex
>>> matches, etc.. loaded at session startup and SIGHUP).
>> Can it be done with views, and adjusting permissions so the user is
>> only allowed to use a few views?
>
> Not sure. The client I am working on only calls functions, small
> API to interact with (no knowledge of views or tables). Even if
> that were not the case, would views stop a client from sending in
> other queries, like "SELECT 1+1" or something that could bog down
> the server?

I use views to simplify code. Say you have a simple join, with one WHERE. You omit the WHERE in the view, and leave it like that. Then just

select foo1, foo2 from VIEW WHERE boo1=foo1 and foo3 <> '123';

PostgreSQL is smart enough to run it as one query (as opposed to MySQL), so the code is simpler, everybody's happy.

If you want to continue on that discussion, I suggest we move it to pg-general.
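The view-plus-permissions pattern discussed above, as an added example that is not part of the thread: the client role is granted the view but not the base tables, and EXPLAIN shows the caller's WHERE being folded into the single join. Table, column and role names (customers, orders, customer_orders, app_client) are constructed for illustration; the statement_timeout line addresses Andrew's "bog down the server" concern and is an added mitigation, not something the thread proposes.

```sql
-- Constructed schema: a simple join whose WHERE is deliberately left
-- out of the view so that callers supply it.
CREATE TABLE customers (
    id     int PRIMARY KEY,
    name   text NOT NULL,
    region text NOT NULL
);
CREATE TABLE orders (
    id          int PRIMARY KEY,
    customer_id int NOT NULL REFERENCES customers(id),
    amount      numeric NOT NULL,
    status      text NOT NULL
);

CREATE VIEW customer_orders AS
    SELECT c.id AS customer_id, c.name, c.region,
           o.id AS order_id, o.amount, o.status
      FROM customers c
      JOIN orders o ON o.customer_id = c.id;

-- Least privilege: the client role can read the view only, never the
-- base tables directly (run as the object owner or a superuser).
CREATE ROLE app_client LOGIN;
REVOKE ALL ON customers, orders FROM PUBLIC;
GRANT SELECT ON customer_orders TO app_client;

-- Views do not stop a client from sending unrelated statements such as
-- SELECT 1+1; a per-role statement_timeout at least bounds how long any
-- single statement from that role may run.
ALTER ROLE app_client SET statement_timeout = '5s';

-- As the client: the predicate is pushed into the view definition, so the
-- planner runs one join with both filters rather than scanning the whole
-- view and filtering afterwards. Direct access to the tables is denied.
SET ROLE app_client;
EXPLAIN
SELECT name, amount
  FROM customer_orders
 WHERE region = 'EU' AND status <> 'cancelled';
SELECT * FROM orders;   -- fails: permission denied for table orders
RESET ROLE;
```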