Re: Contrib Schemas

Hi Josh,

On Jan 13, 2006, at 2:34 PM, Josh Berkus wrote:

> I can't see a way to do this except individually, in which case the
> superuser might as well load the functions. We *have* to be
> restrictive
> about this because a C function can do anything, including overwriting
> whatever parts of the filesystem "postgres" has access to. Look
> over our
> patch releases for the last 2 years and you'll see a host of patches
> designed specifically to prevent regular users from gaining access to
> superuser priveleges.
>
> What you want isn't impossible, but it would be a lot of work and
> testing
> to engineer such a mechanism and keep PostgreSQL's "most secure"
> status.
> So far, everyone has found it easier to work around the issue,
> especially
> since for most sites backup/restore is done by the superuser anyway.

I suspected it was out of the question for security reasons, but I
wanted to bring it up to make sure I was not missing some alternative
solution.

I backup and restore all the time for hosted web sites running with
PostgreSQL as a content management system. This is critical for doing
site upgrades and you certainly can't depend on the super user in a
hosted environment.

Maybe the best solution here would be some web interface setup by the
hoster to perform specific approved tasks like tsearch install. This
is already the mechanism used to allow users to create their own
databases.

Thanks for taking the time to respond.

John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL