| From: | CSN <cool_screen_name90001(at)yahoo(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: untrusted languages and non-global superusers? |
| Date: | 2005-08-04 04:29:47 |
| Message-ID: | 20050804042947.31538.qmail@web52908.mail.yahoo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
--- Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> CSN <cool_screen_name90001(at)yahoo(dot)com> writes:
> > I'm using plphpu and I'd like to allow the regular
> > database user to use it, but since it's
> "untrusted" it
> > requires users to be superusers. If I have to do
> this,
> > I don't want the user to be a superuser for all
> > databases. Is it possible to grant superuser
> status to
> > a user for a specific database?
>
> Exactly how would you prevent him from converting
> that into global
> access? Especially if you're going to give him use
> of an untrusted
> language? He could easily rewrite any configuration
> file you might
> think is going to lock him out of your other
> databases.
You lost me - how is any of that possible?
>
> > (The function uses mail(), so IIRC that
> necessitates
> > using plphpu).
>
> Sending mail from a database function (or doing
> anything else that
> involves external side-effects) is generally A Bad
> Idea, for reasons
> that have been covered many times in the list
> archives.
Why, exactly? In this situation I just set up a
trigger that sends a welcome email to newly inserted
members. Very convenient.
CSN
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joseph Shraibman | 2005-08-04 04:29:54 | What happens when wal fails? |
| Previous Message | Tom Lane | 2005-08-04 03:25:49 | Re: SELECT count(*) Generating Lots of Write Activity |