| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Jan Wieck <JanWieck(at)Yahoo(dot)com> |
| Cc: | PostgreSQL HACKERS <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: New Privilege model purposal |
| Date: | 2000-08-04 22:01:42 |
| Message-ID: | Pine.LNX.4.21.0008050001180.1568-100000@localhost.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Jan Wieck writes:
> Anyway, it's good to hear you're still on it. What's the
> estimated time you think it'll be ready to get patched in?
Next release. I would hope we can get the current stuff into beta in a
month or so, whereas this project would break open a lot of things.
> The thing users actually complain about is the requirement of
> UPDATE permissions to REFERENCE a table. This could be fixed
> with making RI triggers setuid functions for 7.1 and check
> that the user at least has SELECT permission on the
> referenced table during constraint creation. This would also
> remove the actual DOS problem, that a user could potentiall
> create a referencing table and not giving anyone who can
> update the referenced one update permissions on it too.
>
> I think it's worth doing it now, and couple it later with
> your general access control things.
True. I had already looked into this, it's not fundamentally difficult,
but there's a lot of code that will need to be touched.
If you want to go for it, be my guest; I agree that it is fairly
orthogonal to the rest of the privilege system. I'll put it on my priority
list if no one's taking it.
--
Peter Eisentraut Sernanders väg 10:115
peter_e(at)gmx(dot)net 75262 Uppsala
http://yi.org/peter-e/ Sweden
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2000-08-04 22:03:19 | Re: Re: [GENERAL] random() function produces wrong range |
| Previous Message | Peter Eisentraut | 2000-08-04 21:59:44 | Installation layout idea |