| From: | Hannu Krosing <hannu(at)tm(dot)ee> |
|---|---|
| To: | Thomas Hallgren <thhal(at)mailblocks(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Permissions within a function |
| Date: | 2004-12-17 19:40:50 |
| Message-ID: | 1103312449.3971.5.camel@fuji.krosing.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On R, 2004-12-17 at 21:12, Thomas Hallgren wrote:
> I'd like some views on the following issue.
>
> The pljava function call handler will resolve a class name using a
> loader that in turn uses a specific table in the PostgreSQL database.
> Hence, the caller of the function must have select permissions on that
> table or the function will fail. I would like to prevent this somehow
> but I don't know how to go about that. Is there any way to bypass the
> permissions when I do an SPI call from within a call handler somehow?
Would SECURITY DEFINER not work for pljava ?
Or if you are looking for something that has to be done inside the pl
handler maybe you should use another function with SECURITY DEFINER and
owned by superuser for function lookups ?
----------------
Hannu
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2004-12-17 20:03:35 | Re: Permissions within a function |
| Previous Message | vamsi krishna | 2004-12-17 19:23:21 | Re: Permissions within a function |