From: | "Greg Sabino Mullane" <greg(at)turnstep(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: LISTEN filtering |
Date: | 2011-06-22 03:09:09 |
Message-ID: | d1ab30e483dcb6c5dd2957f58550ef3c@biglumber.com |
Lists: | pgsql-general |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Tom wrote:
> This seems like a pretty bad idea from a security policy standpoint,
> in that it would encourage use of superuser state to run ordinary
> applications.
Yeah, I think the "only from same user" is much better in retrospect.
> Anyone connected to the same database, yes. Can't you just restrict use
> of the database to trustworthy apps?
In this case, no, as I only want to limit /some/ notifications. In other
words, listen/notify has both a public and private usage.
Merlin asked:
> hm. maybe you could use the 9.1 payload feature so that your custom
> behavior would only be invoked if a particular payload was sent?
Interesting idea! I could go even further and just use randomly
generated listen names, rather than worrying about the payload, as the
listen/notify names are no longer exposed to anyone else. Thanks, I think
that neatly solved the problem. (which wasn't too much of a problem,
more an idle thought).
- --
Greg Sabino Mullane greg(at)endpoint(dot)com greg(at)turnstep(dot)com
End Point Corporation 610-983-9073
PGP Key: 0x14964AC8 201106212307
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----
iEYEAREDAAYFAk4BXLcACgkQvJuQZxSWSsgVPACdG8QhZqFKTpS8e+QMO/abIhgl
ts4AnRZQGveWfr82sOq6CuGZnzwG3RnX
=7XmU
-----END PGP SIGNATURE-----
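
The random-channel-name idea from the message above, as an added example that is not part of the original post or of PostgreSQL itself. The function names, the `priv` prefix, the `cache_flush` public channel and the psycopg-style `%s` placeholders are assumptions for illustration; how the sender and listener share the generated name is left to the application.

```python
import re
import secrets

MAX_IDENT_BYTES = 63  # PostgreSQL truncates identifiers to 63 bytes by default


def new_private_channel(prefix="priv", entropy_bytes=16):
    """Return an unguessable channel name drawn from the OS CSPRNG."""
    if not re.fullmatch(r"[a-z][a-z0-9_]*", prefix):
        raise ValueError("prefix must be a plain lower-case identifier")
    if entropy_bytes < 16:
        raise ValueError("use at least 128 bits of randomness")
    name = f"{prefix}_{secrets.token_hex(entropy_bytes)}"
    if len(name) > MAX_IDENT_BYTES:
        # Truncation would silently throw away part of the random suffix.
        raise ValueError("channel name would be truncated by the server")
    return name


def listen_sql(channel):
    """LISTEN takes an identifier, not a bind parameter, so quote it."""
    return 'LISTEN "' + channel.replace('"', '""') + '"'


def notify_query(channel, payload=""):
    """pg_notify() takes the channel as text, so it can be a bind parameter.

    The %s placeholders assume a psycopg-style driver.
    """
    return "SELECT pg_notify(%s, %s)", (channel, payload)


def classify(received_channel, private_channel, public_channels):
    """Decide how a listener should treat one incoming notification."""
    if received_channel == private_channel:
        return "private"
    if received_channel in public_channels:
        return "public"
    return "ignore"


if __name__ == "__main__":
    chan = new_private_channel()
    print(listen_sql(chan))
    print(notify_query(chan, "rebuild"))
    # Constructed sample notifications: (channel, payload)
    for received, payload in [("cache_flush", ""), (chan, "rebuild"), ("priv_guess", "x")]:
        print(received, "->", classify(received, chan, {"cache_flush"}))
```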