| From: | Aleksander Alekseev <aleksander(at)timescale(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Cc: | Nikita Malakhov <hukutoc(at)gmail(dot)com> |
| Subject: | Re: Protect extension' internal tables - how? |
| Date: | 2023-07-17 12:48:58 |
| Message-ID: | CAJ7c6TOQVQRLjrEqZXwKTNQH_UkYt0fzXRr2w0vTQG5oEYGrHA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
> Could you please advise or give some hint on what is the correct (and
> secure) way to implement this?
>
> Currently I use the owner of the extension as owner when creating
> such a table inside the function, but maybe there are some pitfalls
> in this kind of solution?
If the goal is to protect the user from an _accidental_ access to the
tables, placing them into a separate schema _my_extension_private or
something will be enough.
Otherwise consider using corresponding access control abilities of
PostgreSQL and creating functions with SECURITY DEFINER [1]. Be
mindful that your functions will become a target for privilege
escalation, so you should be extra careful with the implementation.
[1]: https://www.postgresql.org/docs/current/sql-createfunction.html
--
Best regards,
Aleksander Alekseev
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2023-07-17 12:49:44 | Re: [PoC] pg_upgrade: allow to upgrade publisher node |
| Previous Message | Aleksander Alekseev | 2023-07-17 12:36:45 | Re: ObjectIdGetDatum() missing from SearchSysCache*() callers |