| From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
|---|---|
| To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
| Cc: | Bill Moran <wmoran(at)collaborativefusion(dot)com>, "Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com>, "'pgsql-performance(at)postgresql(dot)org'" <pgsql-performance(at)postgresql(dot)org> |
| Subject: | Re: viewing source code |
| Date: | 2007-12-14 17:11:27 |
| Message-ID: | 20071214171127.GE6269@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-performance |
Joshua D. Drake wrote:
> > > However, in the current configuration, all users with permission to
> > > log in can see all source code. They don't have rights to execute
> > > the functions but they can see the source code for them. Shouldn't
> > > I be able to revoke both the ability to execute and the ability to
> > > see functions?
>
> Yes and know. If your functions are interpreted then no, I don't see
> any reason for this feature, e.g; python,perl,plpgsql,sql,ruby. I can
> read them on disk anyway.
If you have access to the files, which is not necessarily the case.
Random users, in particular, won't.
Maybe this can be done by revoking privileges to pg_proc. I am sure it
can be made to work. It does work for pg_auth_id, and nobody says that
"they can read the passwords from disk anyway."
--
Alvaro Herrera Developer, http://www.PostgreSQL.org/
"We're here to devour each other alive" (Hobbes)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Campbell, Lance | 2007-12-14 17:11:41 | Large Objects and Toast |
| Previous Message | Joshua D. Drake | 2007-12-14 17:04:33 | Re: viewing source code |