On Wed, Jun 24, 2009 at 9:52 AM, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> writes:
>> Robert Haas wrote:
>>> I don't think this is true. You can use SET SESSION AUTHORIZATION,
>> You are right, I overlooked that.
>> It is restricted to superusers though.
> That sort of thing is only workable if you have trustworthy client code
> that controls what queries the users can issue. If someone can send raw
> SQL commands then he just needs to do RESET SESSION AUTHORIZATION to
> become superuser.
Good point, although since the OP said it was a webapp, they probably
have control over that.
In response to
pgsql-performance by date
|Next:||From: Alvaro Herrera||Date: 2009-06-24 16:29:15|
|Subject: Re: tsvector_update_trigger performance?|
|Previous:||From: Tom Lane||Date: 2009-06-24 13:52:34|
|Subject: Re: Implications of having large number of users |