>I'm not sure what "change the arguments sent to SQL" means. A
>malicious user with sufficient privileges can do all sorts of damage,
>and there's not much much you can do about it short of not letting
>malicious users have privileges.
>
>your foreign data wrapper code should probably require that the user who
>creates a FDW connection to an external database have adequate
>permissions. the foreign database servr already has its own
>authentication hoops tha this FDW user will have to provide.
Hi John,
Please find the reply from Tom on the idea of SQL-Pl/Java calls:
This was what I wrote:
> We plan to call SQL through SPI from the FDW,which in turn would call
> the Pl/Java routine.
This was what Tom replied:
*******
If you're saying that every Java function that the FDW needs would have to
be exposed as a SQL function, that seems like a pretty high-risk (not to
mention low performance) approach. Not only do you have to design a SQL
representation for every datatype you need, but you have to be sure that you
do not have any security holes arising from unscrupulous users calling those
SQL functions manually with arguments of their choosing.
************
Please let me know your opinion on this.
Atri