From: | Christopher Browne <cbbrowne(at)gmail(dot)com> |
---|---|
To: | Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Getting rid of pg_pltemplate |
Date: | 2011-08-23 19:51:09 |
Message-ID: | CAFNqd5XUFJuK0Na5fGuo3eJvfWbjR_rB_pO6Vye51AzKiiGLUw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Aug 23, 2011 at 3:09 PM, Dimitri Fontaine
<dimitri(at)2ndquadrant(dot)fr> wrote:
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
>> We'll add a new boolean parameter to extension control files, called say
>> "dba_create" (ideas for better names welcome). If it's missing or set
>> to false, there's no change in behavior. When it's true, then
>>
>> (a) you must be superuser or owner of the current database to create the
>> extension;
>>
>> (b) the commands within the extension's script will be run as though by a
>> superuser, even if you aren't one.
>
> That's called sudo on linux. I propose that we stick to such a name.
Actually, this is somewhat more like UNIX setuid (2).
When I first started using SECURITY DEFINER functions, I thought of it
as being "like sudo." But it's really "like setuid".
--
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Dunstan | 2011-08-23 20:07:56 | pg_dump --exclude-table-data |
Previous Message | Tom Lane | 2011-08-23 19:19:51 | Re: Getting rid of pg_pltemplate |