Re: Proposal: access control jails (and introduction as aspiring GSoC student)

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Joseph Adams <joeyadams3(dot)14159(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Proposal: access control jails (and introduction as aspiring GSoC student)
Date: 2010-03-22 15:02:13
Message-ID: 603c8f071003220802s4fae3ae9j672acecb77ddb06a@mail.gmail.com
Lists: pgsql-hackers

On Mon, Mar 22, 2010 at 10:03 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> Sometimes it would be nice to conditionalize queries on a value other
>> than the authenticated role.  I really wish we had some kind of SQL
>> variable support.  Talking out of my rear end:
>
> I certainly agree- having variable support in the backend would
> definitely be nice.  I'd want it to be explicit and distinct from GUCs
> though, unlike the situation we have w/ psql right now.

Agreed.

> All that said,
> I'm not really a huge fan of write-your-own-authorization-system in
> general.  If the existing authorization system isn't sufficient for what
> you want, then let's improve it.  There may be specific cases where
> what's needed is particularly complex, but that's what security definer
> functions are for..

Fortunately this functionality also has other uses, so I don't know
that we really need to decide which of those uses we approve of more
or less.

Does the SQL standard specify anything in this area?

...Robert
