Re: eval function

From: saeed ahmed <mycomputerbooks(at)gmail(dot)com>
To: Chris Travers <chris(dot)travers(at)gmail(dot)com>
Cc: Sim Zacks <sim(at)compulab(dot)co(dot)il>, PostgreSQL general <pgsql-general(at)postgresql(dot)org>
Subject: Re: eval function
Date: 2011-07-31 16:43:33
Message-ID: CAK05ZxEfk++iobgY1stbrEy1zuQfDjwF2xQyssFC9qnWs-fAEg@mail.gmail.com
Lists: pgsql-general

I am new to PostgreSQL and not very good at the English language. I need
help to understand how I can make (by using PostgreSQL) something like
Microsoft's Access. I remember you see a lot of buttons and
functions. When you finish inserting some data, you have something
permanent, like a software that remains forever, and every time you need
to insert new data, you can simply.
Another example is OpenOffice's Base, where you can make tables, queries
and a lot more.
What I want to know is how can one use PostgreSQL like Microsoft
Access or OpenOffice's Base?

2011/7/31, Chris Travers <chris(dot)travers(at)gmail(dot)com>:
>> Any security definer function should be designed with security in mind.
>> That is the responsibility of the dba. You can't limit the dba in what he
>> can do just in case he doesn't know what he is doing. You can suggest, but
>> if the dba thinks he knows what he is doing, give him all the tools to do it.
>> If the function can cause privilege escalation when not in a security
>> definer function, then I would say there is a serious problem with the
>> security system of the engine. Can you think of any possibility where a
>> function would allow privilege escalation when it is not in a security
>> definer function?
>
> No I can't. But you can actually prevent this problem by making the
> function security definer. Something like:
>
> CREATE SCHEMA evaljail;
> CREATE USER evaljail;
> GRANT USAGE ON SCHEMA evaljail TO evaljail;
> REVOKE CREATE ON SCHEMA evaljail FROM evaljail;
> REVOKE USAGE ON SCHEMA public FROM evaljail;
> CREATE FUNCTION evaljail.eval......
> ALTER FUNCTION evaljail.eval OWNER TO evaljail;
> ALTER FUNCTION evaljail.eval SECURITY DEFINER;
>
> Now the function has no table access at all.
>
>
> postgres=# select evaltest.eval('select * from public.test');
> ERROR: permission denied for schema public
> LINE 1: select (select * from public.test)::text as res1
> ^
> QUERY: select (select * from public.test)::text as res1
> CONTEXT: PL/pgSQL function "eval" line 8 at EXECUTE statement
> postgres=# select evaltest.eval('1 - 2');
> eval
> ------
> -1
> (1 row)
>
> Best Wishes,
> Chris Travers
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>
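
The jail from Chris Travers' quoted message written out in full, as an added example that is not part of the original thread. The `eval` body (elided in the message), the `app_users` caller role and the `REVOKE ... FROM PUBLIC` statements are assumptions, and the script assumes a superuser session in a scratch database.

```sql
-- Added example: role names and the function body are assumptions.
BEGIN;

CREATE ROLE evaljail NOLOGIN;    -- owner of the function, cannot log in
CREATE ROLE app_users NOLOGIN;   -- hypothetical group of permitted callers
CREATE SCHEMA evaljail;
GRANT USAGE ON SCHEMA evaljail TO evaljail, app_users;

-- Privileges granted to PUBLIC reach every role, so a REVOKE addressed only
-- to evaljail leaves them in place. Revoke from PUBLIC, then grant the schema
-- back explicitly to the roles that really need it.
REVOKE ALL ON SCHEMA public FROM PUBLIC;

CREATE FUNCTION evaljail.eval(expr text) RETURNS text
    LANGUAGE plpgsql
    SECURITY DEFINER
    -- Pin the search path so unqualified names cannot resolve to objects
    -- in a schema the caller controls.
    SET search_path = pg_catalog, pg_temp
AS $$
DECLARE
    res text;
BEGIN
    -- Runs with the privileges of the function owner, not the caller.
    EXECUTE 'SELECT (' || expr || ')::text AS res1' INTO res;
    RETURN res;
END;
$$;

ALTER FUNCTION evaljail.eval(text) OWNER TO evaljail;

-- EXECUTE on a new function is granted to PUBLIC by default.
REVOKE ALL ON FUNCTION evaljail.eval(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION evaljail.eval(text) TO app_users;

-- Verify the jail: privileges the owner role holds on schema public, and
-- the owner, SECURITY DEFINER flag and pinned settings of the function.
SELECT has_schema_privilege('evaljail', 'public', 'USAGE')  AS public_usage,
       has_schema_privilege('evaljail', 'public', 'CREATE') AS public_create;
SELECT pg_get_userbyid(proowner) AS owner, prosecdef, proconfig
  FROM pg_proc
 WHERE oid = 'evaljail.eval(text)'::regprocedure;

COMMIT;
```

The owner role still holds whatever remains granted to PUBLIC, such as catalog reads and EXECUTE on built-in functions, so this setup limits table access rather than sandboxing the expression.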
