Re: Protecting stored procedures
От | Joshua D. Drake |
---|---|
Тема | Re: Protecting stored procedures |
Дата | |
Msg-id | 1302196606.23164.37.camel@jd-desktop обсуждение исходный текст |
Ответ на | Re: Protecting stored procedures (Andrew Sullivan <ajs@crankycanuck.ca>) |
Список | pgsql-general |
On Thu, 2011-04-07 at 12:45 -0400, Andrew Sullivan wrote: > On Thu, Apr 07, 2011 at 09:31:20AM -0500, Michael Gould wrote: > > We wouldn't make any of the system users a superuser in Postgres and in my > > 20+ years experience in the industry we provide software for, the > > possibility of having any users of the system that are able to hack or even > > understand what they have if they were able to is slim. > > So you aren't afraid your users are going to take this code, but you > want to put (relatively meaningless) protection in place anyway? > > I guess maybe the security definer functions might help you. As someone mentioned previously, there is also pl/secure. It certainly isn't perfect but it will deal with the low hanging fruit. Sincerely, Joshua D. Drake -- PostgreSQL.org Major Contributor Command Prompt, Inc: http://www.commandprompt.com/ - 509.416.6579 Consulting, Training, Support, Custom Development, Engineering http://twitter.com/cmdpromptinc | http://identi.ca/commandprompt
В списке pgsql-general по дате отправления: