From: | Philip Warner <pjw(at)rhyme(dot)com(dot)au> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-hackers(at)postgreSQL(dot)org |
Subject: | Re: [HACKERS] RFC: Security and Impersonation |
Date: | 1999-07-24 13:12:58 |
Message-ID: | 3.0.5.32.19990724231258.00aefb50@mail.rhyme.com.au |
Lists: | pgsql-hackers |
At 10:51 23/07/99 -0400, you wrote:
>
>We have some of this, I think, from ACLs on tables and views. But
>as far as I know there is not a notion of a "suid view", one with
>different privileges from its caller. It sounds like a good thing
>to work on. Is there any standard in the area?
>
I'll look through the SQL3 stuff, and see what I can find.
I've now done this, and it's in the SQL3 standard. It is implemented via
Modules. The idea being that all routines (procedures and functions) appear
in a module, and that the module can have a 'Module Authorization
Identifier'. The syntax is:
    Create Module MY_MODULE Language SQL
        Authorization SOME_ID
        Procedure Some_Procedure....
        ...etc
    End Module;
If the auth. ID is specified, then (quoting from the standard p. 95):
"... that <module authorization identifier> is used as the current
<authorization identifier> for the execution of all <routine>s in the
<module>. If the <module authorization identifier> is not specified, then
the SQL-session <authorization identifier> is used as the current
<authorization identifier> for the execution of each <routine> in the
<module>."
Let me know if you want to know more. The relevant standard can be found at:
ftp://gatekeeper.dec.com/pub/standards/sql/sql-foundation-aug94.txt
----------------------------------------------------------------
Philip Warner | __---_____
Albatross Consulting Pty. Ltd. |----/ - \
(A.C.N. 008 659 498) | /(@) ______---_
Tel: +61-03-5367 7422 | _________ \
Fax: +61-03-5367 7430 | ___________ |
Http://www.rhyme.com.au | / \|
| --________--
PGP key available upon request, | /
and from pgp5.ai.mit.edu:11371 |/
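
The impersonation rule quoted from the standard, as an added example that is not part of the original message: it uses PostgreSQL's SECURITY DEFINER and SECURITY INVOKER function attributes rather than the SQL3 module syntax, and every role, schema, table and function name is hypothetical. It assumes a scratch database and a superuser session.

```sql
-- Added example; all names below are hypothetical.
CREATE ROLE payroll_owner NOLOGIN;
CREATE ROLE clerk NOLOGIN;
CREATE SCHEMA payroll AUTHORIZATION payroll_owner;

SET ROLE payroll_owner;

CREATE TABLE payroll.salary (
    emp_id integer PRIMARY KEY,
    amount numeric(10,2) NOT NULL
);
INSERT INTO payroll.salary VALUES (1, 50000.00), (2, 62000.00);  -- constructed rows

-- Authorization "specified": the routine executes with its owner's
-- privileges, whoever the caller is. search_path is pinned, with pg_temp
-- last, so a caller cannot substitute objects of their own.
CREATE FUNCTION payroll.headcount() RETURNS bigint
    LANGUAGE sql STABLE
    SECURITY DEFINER
    SET search_path = payroll, pg_temp
AS $$ SELECT count(*) FROM payroll.salary $$;

-- The two cases of the quoted rule, made visible: current_user inside a
-- SECURITY DEFINER routine is the owner; inside a SECURITY INVOKER routine
-- (the default) it is the caller.
CREATE FUNCTION payroll.runs_as_definer() RETURNS text
    LANGUAGE sql STABLE SECURITY DEFINER
    SET search_path = pg_catalog, pg_temp
AS $$ SELECT current_user::text $$;

CREATE FUNCTION payroll.runs_as_invoker() RETURNS text
    LANGUAGE sql STABLE SECURITY INVOKER
    SET search_path = pg_catalog, pg_temp
AS $$ SELECT current_user::text $$;

-- EXECUTE is granted to PUBLIC by default; narrow the privileged routine
-- to the one role that needs it.
REVOKE ALL ON FUNCTION payroll.headcount() FROM PUBLIC;
GRANT USAGE ON SCHEMA payroll TO clerk;
GRANT EXECUTE ON FUNCTION payroll.headcount() TO clerk;
RESET ROLE;

-- As clerk: no privilege on the table itself, but the definer-rights
-- routine can still read it on clerk's behalf.
SET ROLE clerk;
SELECT has_table_privilege('payroll.salary', 'SELECT') AS clerk_can_read_table;
SELECT payroll.headcount()       AS rows_via_definer_routine;
SELECT payroll.runs_as_definer() AS id_in_definer_routine,
       payroll.runs_as_invoker() AS id_in_invoker_routine;
RESET ROLE;
```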