Home > mailing lists

Restricting Direct Access to a C Function in PostgreSQL - Mailing list pgsql-hackers

From	Ayush Vatsa
Subject	Restricting Direct Access to a C Function in PostgreSQL
Date	August 11 10:23:23
Msg-id	CACX+KaNZvPiki5BgF-z14h+SG-rjerm=J0rs8M3nkBTB=xVwog@mail.gmail.com Whole thread Raw
Responses	Re: Restricting Direct Access to a C Function in PostgreSQL
List	pgsql-hackers

Tree view

Hi PostgreSQL Community,

I have a scenario where I am working with two functions: one in SQL and another in C, where the SQL function is a wrapper around C function. Here’s an example:

CREATE OR REPLACE FUNCTION my_func(IN input text)
RETURNS BIGINT AS $$
DECLARE    result BIGINT;
BEGIN    SELECT col2 INTO result FROM my_func_extended(input);    RETURN result;
END;
$$ LANGUAGE plpgsql;

CREATE OR REPLACE FUNCTION my_func_extended(    IN  input text,    OUT col1 text,    OUT col2 BIGINT
)
RETURNS SETOF record
AS 'MODULE_PATHNAME', 'my_func_extended'
LANGUAGE C STRICT PARALLEL SAFE;

I need to prevent direct execution of my_func_extended from psql while still allowing it to be called from within the wrapper function my_func.

I’m considering the following options:

Using GRANT/REVOKE in SQL to manage permissions.
Adding a check in the C function to allow execution only if my_func is in the call stack (previous parent or something), and otherwise throwing an error.

Is there an existing approach to achieve this, or would you recommend a specific solution?

Best regards,
Ayush Vatsa
AWS

pgsql-hackers by date:

From: Junwang Zhao
Date: 11 August, 10:03:28
Subject: Re: Support tid range scan in parallel?

From: Pavel Stehule
Date: 11 August, 12:41:11
Subject: Re: Restricting Direct Access to a C Function in PostgreSQL

Restricting Direct Access to a C Function in PostgreSQL - Mailing list pgsql-hackers

Previous

Next