| From: | Dominique Devienne <ddevienne(at)gmail(dot)com> |
|---|---|
| To: | Daniel Verite <daniel(at)manitou-mail(dot)org> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: How to store "blobs" efficiently for small and large sizes, with random access |
| Date: | 2022-10-19 13:16:39 |
| Message-ID: | CAFCRh--4POUreG+1hk8OuSq3xxwXapJxa7VZpXU_qS3q8EyB-Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Oct 19, 2022 at 3:01 PM Daniel Verite <daniel(at)manitou-mail(dot)org> wrote:
> Dominique Devienne wrote:
> > the fact the lo table is unique for the whole database would allow
> > users to see blobs from any schema, as I understand it.
> Each large object has its own set of permissions. This is a significant
> difference with bytea, since every creation of a new large object
> may need to be followed by GRANT statements.
> Also if the roles and the access policies are changed in the
> lifetime of the app, that might imply massive REVOKE/GRANT
> statements to apply to existing objects.
Thank you Daniel. Very interesting, and something I definitely didn't know.
I believe that's doable, given our design on ROLEs, but would for sure
be both a PITA, and
additional management / code to deal with. At least GRANTs are
transactional like the new
LO oids themselves, I think, so now I know it would be possible to
properly secure the LOs.
This insight is greatly appreciated. --DD
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ravi Krishna | 2022-10-19 13:31:49 | Speeding up adding fky on a very large table |
| Previous Message | Mladen Gogala | 2022-10-19 13:06:03 | Re: COMMIT IN STORED PROCEDURE WHILE IN A LOOP |