Skip site navigation (1) Skip section navigation (2)

Re: Proposal: access control jails (and introduction as aspiring GSoC student)

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Joseph Adams <joeyadams3(dot)14159(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Proposal: access control jails (and introduction as aspiring GSoC student)
Date: 2010-03-22 15:02:13
Message-ID: 603c8f071003220802s4fae3ae9j672acecb77ddb06a@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Mon, Mar 22, 2010 at 10:03 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> Sometimes it would be nice to conditionalize queries on a value other
>> than the authenticated role.  I really wish we had some kind of SQL
>> variable support.  Talking out of my rear end:
>
> I certainly agree- having variable support in the backend would
> definitely be nice.  I'd want it to be explicit and distinct from GUCs
> though, unlike the situation we have w/ psql right now.

Agreed.

> All that said,
> I'm not really a huge fan of write-your-own-authorization-system in
> general.  If the existing authorization system isn't sufficient for what
> you want, then let's improve it.  There may be specific cases where
> what's needed is particularly complex, but that's what security definer
> functions are for..

Fortunately this functionality also has other uses, so I don't know
that we really need to decide which of those uses we approve of more
or less.

Does the SQL standard specify anything in this area?

...Robert

In response to

Responses

pgsql-hackers by date

Next:From: Kevin GrittnerDate: 2010-03-22 15:32:12
Subject: Re: Comments on Exclusion Constraints and related datatypes
Previous:From: Simon RiggsDate: 2010-03-22 15:01:44
Subject: Re: Comments on Exclusion Constraints and related datatypes

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group