| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Mark Volpe <volpe(dot)mark(at)epa(dot)gov> |
| Cc: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] Re: Setuid functions |
| Date: | 2001-06-23 15:48:20 |
| Message-ID: | Pine.LNX.4.30.0106231732430.724-100000@peter.localdomain |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Mark Volpe writes:
> This patch will implement the "ENABLE PRIVILEGE" and "DISABLE PRIVILEGE"
> commands in PL/pgSQL, which, respectively, change the effective uid to that
> of the function owner and back.
May I suggest better names? When I do DISABLE PRIVILEGE, do I no longer
have any privilege? Also, in SQL, the term "privilege" refers to
select/insert/update/etc. right on some table, so "enable privilege" would
be "grant". The term for user identity is "authorization", so I would
call these commands
SET AUTHORIZATION { INVOKER | DEFINER }
("invoker" and "definer" are part of the SQL CREATE FUNCTION syntax) and
the default would be invoker.
--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-06-23 15:51:42 | Re: Good name for new lock type for VACUUM? |
| Previous Message | Hiroshi Inoue | 2001-06-23 14:39:39 | RE: Good name for new lock type for VACUUM? |