opportunities of inline funtions

From: Anton Maksimenkov <engineer(at)hlebprom(dot)ru>
To: pgsql-admin(at)postgresql(dot)org
Subject: opportunities of inline funtions
Date: 2004-10-28 04:18:24
Message-ID: 41807310.8050009@hlebprom.ru
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Hi.

There was an idea to make access to the data only through the built - in
functions (on C). There is a table 't_test' which the superuser can read and
write down. There are functions of access, for example, for an insert of the
data:

PG_FUNCTION_INFO_V1(f_test);

Datum
f_test(PG_FUNCTION_ARGS)
{
int ret, proc;
SPI_connect();
ret = SPI_exec("INSERT INTO t_test VALUES ('7', 'hi there')", 0);
proc = SPI_processed;
SPI_finish();
return (proc);
}

It is supposed further, that function will check the data and to carry out
something else, unimportantly. And so. It would be desirable, that this
function was carried out by the usual user, and it could work "as" superuser.
That is has executed an insert of the data. Read caution about "trojan horses"
in functions which allow the usual user to get access to the data which are
inaccessible to him. Here is how this idea I wanted to apply time in positive
sense. So I grant execute of this function to 'testo' user

=> GRANT EXECUTE ON FUNCTION f_test(INT, CHAR) TO testo;

However I receive a mistake

=> SELECT f_test('1','2');
ERROR: t_test: permission denied

How to realize this idea?

--
engineer

Browse pgsql-admin by date

  From Date Subject
Next Message Andrei Bintintan 2004-10-28 05:50:06 pg_dump doesn't save correct the sequences
Previous Message Lee Wu 2004-10-28 02:04:36 pg_ctl stop -m fast