Skip site navigation (1) Skip section navigation (2)

Re: Implications of having large number of users

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, "Mike Ivanov *EXTERN*" <mikei(at)activestate(dot)com>, pgsql-performance(at)postgresql(dot)org
Subject: Re: Implications of having large number of users
Date: 2009-06-24 14:30:39
Message-ID: 603c8f070906240730h2af995d1j7100108b174e8421@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-performance
On Wed, Jun 24, 2009 at 9:52 AM, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> writes:
>> Robert Haas wrote:
>>> I don't think this is true.  You can use SET SESSION AUTHORIZATION,
>>> right?
>
>> You are right, I overlooked that.
>> It is restricted to superusers though.
>
> That sort of thing is only workable if you have trustworthy client code
> that controls what queries the users can issue.  If someone can send raw
> SQL commands then he just needs to do RESET SESSION AUTHORIZATION to
> become superuser.

Good point, although since the OP said it was a webapp, they probably
have control over that.

...Robert

In response to

pgsql-performance by date

Next:From: Alvaro HerreraDate: 2009-06-24 16:29:15
Subject: Re: tsvector_update_trigger performance?
Previous:From: Tom LaneDate: 2009-06-24 13:52:34
Subject: Re: Implications of having large number of users

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group