| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Joseph Adams <joeyadams3(dot)14159(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Proposal: access control jails (and introduction as aspiring GSoC student) |
| Date: | 2010-03-22 14:03:57 |
| Message-ID: | 20100322140357.GU21875@tamriel.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> Sometimes it would be nice to conditionalize queries on a value other
> than the authenticated role. I really wish we had some kind of SQL
> variable support. Talking out of my rear end:
I certainly agree- having variable support in the backend would
definitely be nice. I'd want it to be explicit and distinct from GUCs
though, unlike the situation we have w/ psql right now. All that said,
I'm not really a huge fan of write-your-own-authorization-system in
general. If the existing authorization system isn't sufficient for what
you want, then let's improve it. There may be specific cases where
what's needed is particularly complex, but that's what security definer
functions are for..
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-03-22 14:13:57 | Re: Comments on Exclusion Constraints and related datatypes |
| Previous Message | Robert Haas | 2010-03-22 13:58:17 | Re: Comments on Exclusion Constraints and related datatypes |