Re: LISTEN filtering
| От | Greg Sabino Mullane |
|---|---|
| Тема | Re: LISTEN filtering |
| Дата | |
| Msg-id | d1ab30e483dcb6c5dd2957f58550ef3c@biglumber.com обсуждение исходный текст |
| Ответ на | Re: LISTEN filtering (Merlin Moncure <mmoncure@gmail.com>) |
| Список | pgsql-general |
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Tom wrote: > This seems like a pretty bad idea from a security policy standpoint, > in that it would encourage use of superuser state to run ordinary > applications. Yeah, I think the "only from same user" is much better in retrospect. > Anyone connected to the same database, yes. Can't you just restrict use > of the database to trustworthy apps? In this case, no, as I only want to limit /some/ notifications. In other words, listen/notify has both a public and private usage. Merlin asked: > hm. maybe you could use the 9.1 payload feature so that your custom > behavior would only be invoked if a particular payload was sent? Interesting idea! I could go even further and just use randomly generated listen names, rather than worrying about the payload, as the listen/notify names are no longer exposed to anyone else. Thanks, I think that neatly solved the problem. (which wasn't too much of a problem, more an idle thought). - -- Greg Sabino Mullane greg@endpoint.com greg@turnstep.com End Point Corporation 610-983-9073 PGP Key: 0x14964AC8 201106212307 http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8 -----BEGIN PGP SIGNATURE----- iEYEAREDAAYFAk4BXLcACgkQvJuQZxSWSsgVPACdG8QhZqFKTpS8e+QMO/abIhgl ts4AnRZQGveWfr82sOq6CuGZnzwG3RnX =7XmU -----END PGP SIGNATURE-----
В списке pgsql-general по дате отправления: