Home > mailing lists

AW: AW: "setuid" functions, a solution to the RI privil ege problem - Mailing list pgsql-hackers

From	Zeugswetter Andreas SB
Subject	AW: AW: "setuid" functions, a solution to the RI privil ege problem
Date	September 18, 2000 07:17:08
Msg-id	11C1E6749A55D411A9670001FA687963368080@sdexcsrv1.f000.d0188.sd.spardat.at Whole thread Raw
Responses	Re: AW: AW: "setuid" functions, a solution to the RI privil ege problem
List	pgsql-hackers

Tree view

> But the pg_shadow authentication is based on credentials 
> provided by the
> client whereas what you propose here would run on the server, so this
> doesn't make sense. 

Since you can write extensions to PostgreSQL that reach far into the OS,
it does make sense to execute those extensions under a "non priviledged"
user, and not postgres. This OS user would somehow be tied to the username
that the client passes as his credentials (and that we trust to be
authenticated).

This is actually not my idea, it is implemented in Informix, DB2 and I think
Oracle.

Andreas

pgsql-hackers by date:

From: Zeugswetter Andreas SB
Date: 18 September 2000, 07:07:38
Subject: AW: new relkind for view

From: Philip Warner
Date: 18 September 2000, 07:17:25
Subject: Re: Constant propagation and similar issues

AW: AW: "setuid" functions, a solution to the RI privil ege problem - Mailing list pgsql-hackers

Previous

Next