From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
Cc: | "Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Greg Sabino Mullane <greg(at)turnstep(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Including PL/PgSQL by default |
Date: | 2008-02-22 16:45:53 |
Message-ID: | 4729.1203698753@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Roberts, Jon wrote:
>> However, you can not create anything in Oracle without being given
>> permission to create it. The notion that you can create a function
>> because you have connect rights to the database is foreign to me.
>> Connect should mean connect, not connect AND create.
> You'd need more than that.
> For example, since we don't support temp functions, we should probably
> ban the creation of functions in temp schemas (which I found was possible).
What for? If you don't want someone to use a language, you should
either revoke his USAGE privilege on that language, or remove it
from his database altogether. We have plenty of access-control
mechanisms in place already, we don't need weird special-case
restrictions on top of those.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Jeremy Drake | 2008-02-22 16:49:27 | Re: Including PL/PgSQL by default |
Previous Message | Tom Lane | 2008-02-22 16:38:53 | Re: Linking backend in one piece |