| From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | jwieck(at)debis(dot)com |
| Cc: | darcy(at)druid(dot)net, pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: [HACKERS] Table permissions problem |
| Date: | 1998-08-13 11:36:13 |
| Message-ID: | 199808131136.HAA08446@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > Remember some tables are shared with all databases. Makes things more
> > difficult.
>
> And that's why I suggested a uid/euid model over functions,
> triggers and views, where the permission checks are done
> against the function/view owner instead of the current user.
> If nobody reverted things, this is already done for views
> (pg_user vs pg_shadow). The ACL checks are done during the
> rewrite.
>
> So CREATE VIEW or CREATE RULE could eventually use some trick
> to get around the restrictions on pg_rewrite but ensure that
> the rule owner is the one creating it. Pg_rewrite itself must
> be protected, otherwise a user could change the ownership of
> a view and get around access restrictions.
Couldn't we do some permission checks on tables at runtime from the
rewrite system ONLY when a table is being added or UPDATE is added to
SELECT, etc?
Would that solve the problem? Maybe not because you would have to rip
apart the plan, wouldn't you?
--
Bruce Momjian | 830 Blythe Avenue
maillist(at)candle(dot)pha(dot)pa(dot)us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 1998-08-13 12:22:57 | Re: [HACKERS] tuple return from function |
| Previous Message | Jan Wieck | 1998-08-13 11:35:51 | tuple return from function |