Home > mailing lists

Re: pgsql: Use GRANT system to manage access to sensitive functions - Mailing list pgsql-committers

From	Michael Paquier
Subject	Re: pgsql: Use GRANT system to manage access to sensitive functions
Date	April 7, 2016 04:59:47
Msg-id	CAB7nPqTN1aPjV_yGE=rtBoSNEszeh9__vOwdV7RLtFb0BPZWWA@mail.gmail.com Whole thread Raw
In response to	pgsql: Use GRANT system to manage access to sensitive functions (Stephen Frost <sfrost@snowman.net>)
List	pgsql-committers

Tree view

On Thu, Apr 7, 2016 at 10:45 AM, Stephen Frost <sfrost@snowman.net> wrote:
> Use GRANT system to manage access to sensitive functions
>
> Now that pg_dump will properly dump out any ACL changes made to
> functions which exist in pg_catalog, switch to using the GRANT system
> to manage access to those functions.
>
> This means removing 'if (!superuser()) ereport()' checks from the
> functions themselves and then REVOKEing EXECUTE right from 'public' for
> these functions in system_views.sql.

+1.
--
Michael

pgsql-committers by date:

From: Stephen Frost
Date: 07 April 2016, 04:46:01
Subject: pgsql: In pg_dump, split "dump" into "dump" and "dump_contains"

From: Tom Lane
Date: 07 April 2016, 06:00:44
Subject: Re: pgsql: Use GRANT system to manage access to sensitive functions

Re: pgsql: Use GRANT system to manage access to sensitive functions - Mailing list pgsql-committers

Previous

Next