| From: | Christopher Browne <cbbrowne(at)gmail(dot)com> |
|---|---|
| To: | Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Getting rid of pg_pltemplate |
| Date: | 2011-08-23 19:51:09 |
| Message-ID: | CAFNqd5XUFJuK0Na5fGuo3eJvfWbjR_rB_pO6Vye51AzKiiGLUw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Aug 23, 2011 at 3:09 PM, Dimitri Fontaine
<dimitri(at)2ndquadrant(dot)fr> wrote:
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
>> We'll add a new boolean parameter to extension control files, called say
>> "dba_create" (ideas for better names welcome). If it's missing or set
>> to false, there's no change in behavior. When it's true, then
>>
>> (a) you must be superuser or owner of the current database to create the
>> extension;
>>
>> (b) the commands within the extension's script will be run as though by a
>> superuser, even if you aren't one.
>
> That's called sudo on linux. I propose that we stick to such a name.
Actually, this is somewhat more like UNIX setuid (2).
When I first started using SECURITY DEFINER functions, I thought of it
as being "like sudo." But it's really "like setuid".
--
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2011-08-23 20:07:56 | pg_dump --exclude-table-data |
| Previous Message | Tom Lane | 2011-08-23 19:19:51 | Re: Getting rid of pg_pltemplate |