Re: Getting rid of pg_pltemplate
| От | Dimitri Fontaine |
|---|---|
| Тема | Re: Getting rid of pg_pltemplate |
| Дата | |
| Msg-id | m2pqjvopdq.fsf@2ndQuadrant.fr обсуждение исходный текст |
| Ответ на | Re: Getting rid of pg_pltemplate (Christopher Browne <cbbrowne@gmail.com>) |
| Список | pgsql-hackers |
Christopher Browne <cbbrowne@gmail.com> writes: > Actually, this is somewhat more like UNIX setuid (2). > > When I first started using SECURITY DEFINER functions, I thought of it > as being "like sudo." But it's really "like setuid". I see SECURITY DEFINER functions definitely as setuid for PostgreSQL, but I was thinking about this CREATE EXTENSION thing more like sudo. In the former case, you manage the rights on the object (script, function), in the latter case you manage the rights on the command issued. Well I guess it's a very thin line here. But maybe the parameter could be called security_definer, knowing that the control files are a superuser privilege thing (so the definer needs to be a superuser granted the postgres system user). Maybe run_script_with_superuser is more explicit for the situation though. Regards, -- Dimitri Fontaine http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support
В списке pgsql-hackers по дате отправления: