Re: execute permissions of stored procedures? - Mailing list pgsql-general

From Eric Veldhuyzen
Subject Re: execute permissions of stored procedures?
Date
Msg-id 20020221101103.GG1579@terra.telemediair.nl
In response to Re: execute permissions of stored procedures?  (Jeff Eckermann <jeff_eckermann@yahoo.com>)
List pgsql-general
On Wed, Feb 20, 2002 at 07:15:49AM -0800, Jeff Eckermann wrote:
> If I understand right, many Oracle applications limit data access by
> users (thereby enhancing security) by allowing data access only via
> procedures.

I am not sure if many Oracle applications do this, but I know that it is
possible in Oracle, Solid and at least a few others. I think MS-SQL and
Sybase support it as well.

> You appear to be saying that you like this feature, and you want it to
> be available in PostgreSQL.

It is currently used in our Solid database and redesigning it would be a
LOT of work. And we used it to create an extra level of security for our
database. So that if someone would have been able to break through the
Apache/PHP security checks he still wouldn't have been able to do anything
that he wasn't allowed to do anyway.

> PostgreSQL has a different method of achieving the same result, as has
> already been pointed out (views with appropriate rewrite rules).

It doesn't look to me to have the same result. But even if it would
give me the same result, a stored procedure which is owned by a user
(just like a user owns tables, views and sequences) and runs as this
user makes sense in my opinion. And then it is also natural to have this
user use GRANT to grant others to use his functions while running them
with his privileges. At least, this is what I expected and in the other
databases I looked at, it works like this. So I was very surprised that
PostgreSQL didn't support it.

> If there is not a strong desire among PostgreSQL users for the feature
> that you want, that is probably because the existing method works well
> for them.

Or that they didn't think of the possibility..

> Remember that PostgreSQL is a project run and developed by volunteers.
> The strongest vote for a new feature is the submission of code.  The
> developers are not insensitive to the requests of users, but: if
> development is left to them, don't be surprised that they use their
> own judgement about what is most important.
>
> I have never seen anyone on this list say that Oracle is not a good
> product.

I didn't mean this. It is just that this is a vital feature for me,
because I would have to completely rewrite the applications
we now have without it. And that is simply not an option.

--
#!perl #                       Life ain't fair, but root passwords help.
# Eric Veldhuyzen                              eric@terra.telemediair.nl
$!=$;=$_+(++$_);($:,$~,$/,$^,$*,$@)=$!=~                   # Perl Monger
/.(.)...(.)(.)....(.)..(.)..(.)/;`$^$~$/$: $^$*$@$~ $_>&$;`
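
The owner-rights procedure model described in the message above, as an added example that is not part of the original message or of the PostgreSQL project's own code. It assumes a PostgreSQL release that provides the SECURITY DEFINER function attribute and a per-function search_path setting; the roles, schema, table and function names are hypothetical and the rows are constructed.

```sql
-- Hypothetical names: roles app_owner and web_user, schema app,
-- table accounts, function get_balance. Run as a superuser in a scratch database.
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE web_user  NOLOGIN;   -- stands in for the account the web tier connects as

CREATE SCHEMA app AUTHORIZATION app_owner;

SET ROLE app_owner;

CREATE TABLE app.accounts (
    id      integer PRIMARY KEY,
    holder  text    NOT NULL UNIQUE,
    balance numeric NOT NULL
);
INSERT INTO app.accounts VALUES (1, 'alice', 100), (2, 'bob', 250);  -- constructed sample rows

-- SECURITY DEFINER: the body runs with the privileges of the function's owner
-- (app_owner), not those of the caller.
-- search_path is pinned so that a caller cannot make the body resolve names
-- to objects in a schema the caller controls.
CREATE FUNCTION app.get_balance(p_holder text)
RETURNS numeric
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
    SELECT balance FROM app.accounts WHERE holder = p_holder;
$$;

-- New functions are executable by PUBLIC by default; remove that before granting.
REVOKE ALL ON FUNCTION app.get_balance(text) FROM PUBLIC;
GRANT USAGE ON SCHEMA app TO web_user;
GRANT EXECUTE ON FUNCTION app.get_balance(text) TO web_user;

RESET ROLE;

-- web_user holds no privilege on app.accounts itself.
SET ROLE web_user;
SELECT app.get_balance('alice');   -- permitted: access goes through the function
SELECT * FROM app.accounts;        -- rejected: no table privilege for web_user
RESET ROLE;
```

A session that has only web_user's rights is limited to what get_balance exposes, so the function's parameter handling becomes the boundary to review.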
