Re: untrusted languages and non-global superusers?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: CSN <cool_screen_name90001(at)yahoo(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: untrusted languages and non-global superusers?
Date: 2005-08-04 02:55:59
Message-ID: 11349.1123124159@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

CSN <cool_screen_name90001(at)yahoo(dot)com> writes:
> I'm using plphpu and I'd like to allow the regular
> database user to use it, but since it's "untrusted" it
> requires users to be superusers. If I have to do this,
> I don't want the user to be a superuser for all
> databases. Is it possible to grant superuser status to
> a user for a specific database?

Exactly how would you prevent him from converting that into global
access? Especially if you're going to give him use of an untrusted
language? He could easily rewrite any configuration file you might
think is going to lock him out of your other databases.

> (The function uses mail(), so IIRC that necessitates
> using plphpu).

Sending mail from a database function (or doing anything else that
involves external side-effects) is generally A Bad Idea, for reasons
that have been covered many times in the list archives.

regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Logan Bowers 2005-08-04 02:57:29 Re: SELECT count(*) Generating Lots of Write Activity
Previous Message CSN 2005-08-04 02:45:41 untrusted languages and non-global superusers?