| From: | Gregory Stark <stark(at)enterprisedb(dot)com> |
|---|---|
| To: | "Joe Conway" <mail(at)joeconway(dot)com> |
| Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Stephen Frost" <sfrost(at)snowman(dot)net>, "Magnus Hagander" <magnus(at)hagander(dot)net>, "Robert Treat" <xzilla(at)users(dot)sourceforge(dot)net>, "pgsql-patches" <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: dblink connection security |
| Date: | 2007-07-09 04:22:19 |
| Message-ID: | 87k5tab404.fsf@oxford.xeocode.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
"Joe Conway" <mail(at)joeconway(dot)com> writes:
> See my last email...
>
> Consider a scenario like "package <x> uses <arbitrary function y in an
> untrusted language z>". Exact same concerns arise.
Well arbitrary function may or may not actually do anything that needs to be
restricted.
If it does then yes the same concerns arise and the same conclusion reached.
That users should be granted permission to execute it based on local policies.
Certainly granting execute permission to public by default is a bad start in
that regard.
--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2007-07-09 04:30:37 | Re: dblink connection security |
| Previous Message | Stephen Frost | 2007-07-09 04:16:36 | Re: dblink connection security |