| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | CSN <cool_screen_name90001(at)yahoo(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: untrusted languages and non-global superusers? |
| Date: | 2005-08-04 02:55:59 |
| Message-ID: | 11349.1123124159@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
CSN <cool_screen_name90001(at)yahoo(dot)com> writes:
> I'm using plphpu and I'd like to allow the regular
> database user to use it, but since it's "untrusted" it
> requires users to be superusers. If I have to do this,
> I don't want the user to be a superuser for all
> databases. Is it possible to grant superuser status to
> a user for a specific database?
Exactly how would you prevent him from converting that into global
access? Especially if you're going to give him use of an untrusted
language? He could easily rewrite any configuration file you might
think is going to lock him out of your other databases.
> (The function uses mail(), so IIRC that necessitates
> using plphpu).
Sending mail from a database function (or doing anything else that
involves external side-effects) is generally A Bad Idea, for reasons
that have been covered many times in the list archives.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Logan Bowers | 2005-08-04 02:57:29 | Re: SELECT count(*) Generating Lots of Write Activity |
| Previous Message | CSN | 2005-08-04 02:45:41 | untrusted languages and non-global superusers? |