Re: Contrib Schemas - Mailing list pgsql-hackers

From John DeSoi
Subject Re: Contrib Schemas
Date
Msg-id F075F81A-D5BD-4C93-9AF2-4E9B0C918963@pgedit.com
In response to Re: Contrib Schemas  (Josh Berkus <josh@agliodbs.com>)
List pgsql-hackers
Hi Josh,

On Jan 13, 2006, at 2:34 PM, Josh Berkus wrote:

> I can't see a way to do this except individually, in which case the
> superuser might as well load the functions. We *have* to be restrictive
> about this because a C function can do anything, including overwriting
> whatever parts of the filesystem "postgres" has access to. Look over our
> patch releases for the last 2 years and you'll see a host of patches
> designed specifically to prevent regular users from gaining access to
> superuser privileges.
>
> What you want isn't impossible, but it would be a lot of work and testing
> to engineer such a mechanism and keep PostgreSQL's "most secure" status.
> So far, everyone has found it easier to work around the issue, especially
> since for most sites backup/restore is done by the superuser anyway.

I suspected it was out of the question for security reasons, but I  
wanted to bring it up to make sure I was not missing some alternative  
solution.

I back up and restore all the time for hosted web sites running with
PostgreSQL as a content management system. This is critical for doing
site upgrades and you certainly can't depend on the superuser in a
hosted environment.

Maybe the best solution here would be some web interface set up by the
hoster to perform specific approved tasks like tsearch install. This
is already the mechanism used to allow users to create their own
databases.

Thanks for taking the time to respond.



John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL


