Skip site navigation (1) Skip section navigation (2)

Re: Permissions within a function

From: Thomas Hallgren <thhal(at)mailblocks(dot)com>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Permissions within a function
Date: 2004-12-18 09:58:11
Message-ID: thhal-0tZefAvk3cS4JdA1Udl4kFuJH0Z64U0@mailblocks.com (view raw or flat)
Thread:
Lists: pgsql-hackers
Peter Eisentraut wrote:

>Thomas Hallgren wrote:
>  
>
>>Is there a way to bypass security checks that retains the SQL parser?
>>I'd like my C-code to do something like:
>>
>>impersonate pgadmin
>>SELECT image from class_table
>>revert to self
>>    
>>
>
>You can use GetUserId() and SetUserId() to flip the current user 
>identity around as you like.  For such a simple query, however, it 
>might seem better to bypass SPI altogether and do a straight table 
>lookup through lower-level functions.
>  
>
Brilliant! I had no idea it was that simple. SetUserId seems to be 
extremely lightweight and just what I need. By using it, I can let my 
ClassLoader execute with other restrictions than the function caller 
(bypassing SPI is not so good for me since the loader is fairly complex 
and will access more than one table).

Thanks for the advice,
Thomas Hallgren



In response to

Responses

pgsql-hackers by date

Next:From: ohpDate: 2004-12-18 15:03:00
Subject: Re: Call for port reports
Previous:From: Thomas HallgrenDate: 2004-12-18 09:45:10
Subject: Re: Permissions within a function

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group