Skip site navigation (1) Skip section navigation (2)

Re: When and where to check for function permissions

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: When and where to check for function permissions
Date: 2002-02-14 00:26:22
Message-ID: Pine.LNX.4.30.0202131922250.683-100000@peter.localdomain (view raw or flat)
Thread:
Lists: pgsql-hackers
Tom Lane writes:

> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> > Now I remembered the way SQL99 specifies
> > function resolution, which has the permission check before the function
> > resolution begins.
>
> That may be what the spec says, but I think the spec is completely
> brain-dead in this regard and should be ignored.

Why?

> We do not resolve table names that way, why should we resolve function
> names?

We do not resolve table names at all.

> Even more to the point, what happens when someone adds or revokes
> privileges that would affect already-planned queries?

The query plans are invalidated.


Note:  I'm not convinced of this idea either.  But proclaiming it
brain-dead isn't going to push me either way.  You could say Unix shells
are brain-dead, too, because they do the same thing.

-- 
Peter Eisentraut   peter_e(at)gmx(dot)net


In response to

Responses

pgsql-hackers by date

Next:From: Dann CorbitDate: 2002-02-14 00:26:34
Subject: geo_decls.h oopsie...
Previous:From: Peter EisentrautDate: 2002-02-14 00:12:57
Subject: Re: NAMEDATALEN Changes

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group