Home > mailing lists

Re: Application name patch - v2 - Mailing list pgsql-hackers

From	Stephen Frost
Subject	Re: Application name patch - v2
Date	October 19, 2009 15:27:11
Msg-id	20091019152702.GK17756@tamriel.snowman.net Whole thread Raw
In response to	Re: Application name patch - v2 (Pavel Stehule <pavel.stehule@gmail.com>)
Responses	Re: Application name patch - v2
List	pgsql-hackers

Tree view

* Pavel Stehule (pavel.stehule@gmail.com) wrote:
> 2009/10/19 Stephen Frost <sfrost@snowman.net>:
> > * Pavel Stehule (pavel.stehule@gmail.com) wrote:
> >> Superuser permission could not be a problem. Simple security definer
> >> function can do it.
> >
> > Then you've defeated the point of making it superuser-only.
>
> no. Because when I write security definer function, then I explicitly
> allow an writing for some roles. When I don't write this function,
> then GUC is secure.

And what happens when those 'some roles' are used by broken
applications?  You don't get to say "make it superuser only" and then
turn around and tell people to hack around the fact that it's superuser
only to be able to use it.  That's not a solution.
Stephen

pgsql-hackers by date:

From: Alvaro Herrera
Date: 19 October 2009, 15:22:22
Subject: Re: COPY enhancements

From: Robert Haas
Date: 19 October 2009, 15:34:43
Subject: Re: COPY enhancements

Re: Application name patch - v2 - Mailing list pgsql-hackers

Previous

Next