| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Andrew Chernow <ac(at)esilo(dot)com> |
| Cc: | Merlin Moncure <mmoncure(at)gmail(dot)com>, Hannu Krosing <hannu(at)krosing(dot)net>, Grzegorz Jaskiewicz <gj(at)pointblue(dot)com(dot)pl>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: user-based query white list |
| Date: | 2008-12-07 16:41:11 |
| Message-ID: | 493BFCA7.5010000@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andrew Chernow wrote:
>
> I think what is missing is a way to deny the execution of queries that
> don't operate on an object (like a table, sequence, role, schema,
> etc...), OR queries not covered by the priv system. Object-based
> queries can be locked down using the existing priv system. Not sure
> if denying non-object related queries would work; what happens when
> you call "SELECT NOW()" within an allowed function?
>
>
What exactly are you trying to protect against?
In general, my attitude is that databases should not allow direct access
from untrusted sources. The API restriction you are talking about is
something that is trivially easy to build into middleware, and only the
middleware should be allowed access to the database.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2008-12-07 16:44:08 | Re: Mostly Harmless: Welcoming our C++ friends |
| Previous Message | Michael Renner | 2008-12-07 16:19:00 | WAL documentation changes |