Home > mailing lists

Re: [PATCH] Re: Setuid functions - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: [PATCH] Re: Setuid functions
Date	June 23, 2001 22:30:14
Msg-id	Pine.LNX.4.30.0106231732430.724-100000@peter.localdomain Whole thread Raw
In response to	[PATCH] Re: Setuid functions (Mark Volpe <volpe.mark@epa.gov>)
Responses	Re: [PATCH] Re: Setuid functions
List	pgsql-hackers

Tree view

Mark Volpe writes:

> This patch will implement the "ENABLE PRIVILEGE" and "DISABLE PRIVILEGE"
> commands   in PL/pgSQL, which, respectively, change the effective uid to that
> of the function owner and back.

May I suggest better names?  When I do DISABLE PRIVILEGE, do I no longer
have any privilege?  Also, in SQL, the term "privilege" refers to
select/insert/update/etc. right on some table, so "enable privilege" would
be "grant".  The term for user identity is "authorization", so I would
call these commands
 SET AUTHORIZATION { INVOKER | DEFINER }

("invoker" and "definer" are part of the SQL CREATE FUNCTION syntax) and
the default would be invoker.

-- 
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter

pgsql-hackers by date:

From: Tom Lane
Date: 23 June 2001, 21:47:24
Subject: Re: Good name for new lock type for VACUUM?

From: Peter Eisentraut
Date: 23 June 2001, 22:35:32
Subject: Re: Setuid functions

Re: [PATCH] Re: Setuid functions - Mailing list pgsql-hackers

Previous

Next