Skip site navigation (1) Skip section navigation (2)

opportunities of inline funtions

From: Anton Maksimenkov <engineer(at)hlebprom(dot)ru>
To: pgsql-admin(at)postgresql(dot)org
Subject: opportunities of inline funtions
Date: 2004-10-28 04:18:24
Message-ID: 41807310.8050009@hlebprom.ru (view raw or flat)
Thread:
Lists: pgsql-admin
Hi.

  There was an idea to make access to the data only through the built - in 
functions (on C). There is a table 't_test' which the superuser can read and 
write down. There are functions of access, for example, for an insert of the 
data:

PG_FUNCTION_INFO_V1(f_test);

Datum
f_test(PG_FUNCTION_ARGS)
{
         int ret, proc;
         SPI_connect();
         ret = SPI_exec("INSERT INTO t_test VALUES ('7', 'hi there')", 0);
         proc = SPI_processed;
         SPI_finish();
         return (proc);
}

  It is supposed further, that function will check the data and to carry out 
something else, unimportantly. And so. It would be desirable, that this 
function was carried out by the usual user, and it could work "as" superuser. 
That is has executed an insert of the data. Read caution about "trojan horses" 
in functions which allow the usual user to get access to the data which are 
inaccessible to him. Here is how this idea I wanted to apply time in positive 
sense. So I grant execute of this function to 'testo' user

=> GRANT EXECUTE ON FUNCTION f_test(INT, CHAR) TO testo;


However I receive a mistake

=> SELECT f_test('1','2');
ERROR:  t_test: permission denied

How to realize this idea?

-- 
engineer

pgsql-admin by date

Next:From: Andrei BintintanDate: 2004-10-28 05:50:06
Subject: pg_dump doesn't save correct the sequences
Previous:From: Lee WuDate: 2004-10-28 02:04:36
Subject: pg_ctl stop -m fast

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group