Thread: AW: [PATCH] Re: Setuid functions

AW: [PATCH] Re: Setuid functions

From
Zeugswetter Andreas SB
Date:
> > This patch will implement the "ENABLE PRIVILEGE" and "DISABLE PRIVILEGE"
> > commands   in PL/pgSQL, which, respectively, change the effective uid to that
> > of the function owner and back. It doesn't break security (I hope). The
> > commands can be abbreviated as "ENABLE" and "DISABLE" for the poor saps that

Anybody else want to object to this abbreviation idea ? Seems 
reading ENABLE; or DISABLE; is very hard to interpret in source code
(enable what ?) and should thus not be allowed (or allow "ENABLE PRIV").

Andreas


Re: AW: [PATCH] Re: Setuid functions

From
Mark Volpe
Date:
Actually, I liked the SET AUTHORIZATION { DEFINER | INVOKER } terminology
mentioned earlier.

Mark

Zeugswetter Andreas SB wrote:
> 
> > > This patch will implement the "ENABLE PRIVILEGE" and "DISABLE PRIVILEGE"
> > > commands   in PL/pgSQL, which, respectively, change the effective uid to that
> > > of the function owner and back. It doesn't break security (I hope). The
> > > commands can be abbreviated as "ENABLE" and "DISABLE" for the poor saps that
> 
> Anybody else want to object to this abbreviation idea ? Seems
> reading ENABLE; or DISABLE; is very hard to interpret in source code
> (enable what ?) and should thus not be allowed (or allow "ENABLE PRIV").
> 
> Andreas
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly


Re: AW: [PATCH] Re: Setuid functions

From
Tom Lane
Date:
Zeugswetter Andreas SB  <ZeugswetterA@wien.spardat.at> writes:
> Anybody else want to object to this abbreviation idea ?

I thought we already agreed to change the names per Peter's suggestion.

I didn't like the original names whether abbreviated or not ...
        regards, tom lane