-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Tom wrote:
> This seems like a pretty bad idea from a security policy standpoint,
> in that it would encourage use of superuser state to run ordinary
> applications.
Yeah, I think the "only from same user" is much better in retrospect.
> Anyone connected to the same database, yes. Can't you just restrict use
> of the database to trustworthy apps?
In this case, no, as I only want to limit /some/ notifications. In other
words, listen/notify has both a public and private usage.
Merlin asked:
> hm. maybe you could use the 9.1 payload feature so that your custom
> behavior would only be invoked if a particular payload was sent?
Interesting idea! I could go even further and just use randomly
generated listen names, rather than worrying about the payload, as the
listen/notify names are no longer exposed to anyone else. Thanks, I think
that neatly solved the problem. (which wasn't too much of a problem,
more an idle thought).
- --
Greg Sabino Mullane greg@endpoint.com greg@turnstep.com
End Point Corporation 610-983-9073
PGP Key: 0x14964AC8 201106212307
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----
iEYEAREDAAYFAk4BXLcACgkQvJuQZxSWSsgVPACdG8QhZqFKTpS8e+QMO/abIhgl
ts4AnRZQGveWfr82sOq6CuGZnzwG3RnX
=7XmU
-----END PGP SIGNATURE-----
