| From: | "Aasmund Midttun Godal" <postgresql(at)envisity(dot)com> |
|---|---|
| To: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Access to functions |
| Date: | 2001-10-19 01:51:18 |
| Message-ID: | 20011019015118.25128.qmail@ns.krot.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
There is currently no functionality to grant or deny access to functions.
I believe anyone can run any function and the function is run as the user who runs it.
This is also the case with views, which is odd, as the rest of the select statement is granted access to a table which the function in the view does not have access to.
Functions triggered seem on the other handed to be 'trusted'. This can obviously be exploited.
I have noticed a trusted field in the pg_proc and pg_language tables, can I use this somehow (I haven't got my hopes up as they are all 't' on pg_proc), ??
I looked through the todo, and albeit being a lot of new features in the grant section I cannot find any info regarding these issues.
Sincerely,
Aasmund.
Aasmund Midttun Godal
aasmund(at)godal(dot)com - http://www.godal.com/
+47 40 45 20 46
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Allardyce | 2001-10-19 02:56:53 | Table Constraints with NULL values |
| Previous Message | Douglas Rafael da Silva | 2001-10-19 01:45:00 | Diferent databases on same query... |