Re: Restricting Direct Access to a C Function in PostgreSQL
| От | Pavel Stehule |
|---|---|
| Тема | Re: Restricting Direct Access to a C Function in PostgreSQL |
| Дата | |
| Msg-id | CAFj8pRCGcryby+TfM8a=+dercCaHaj1=U2rJEKPkzv6rHhdwQw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Restricting Direct Access to a C Function in PostgreSQL (Ayush Vatsa <ayushvatsa1810@gmail.com>) |
| Ответы |
Re: Restricting Direct Access to a C Function in PostgreSQL
|
| Список | pgsql-hackers |
Hi
ne 11. 8. 2024 v 9:23 odesílatel Ayush Vatsa <ayushvatsa1810@gmail.com> napsal:
Hi PostgreSQL Community,
I have a scenario where I am working with two functions: one in SQL and another in C, where the SQL function is a wrapper around C function. Here’s an example:
CREATE OR REPLACE FUNCTION my_func(IN input text) RETURNS BIGINT AS $$ DECLARE result BIGINT; BEGIN SELECT col2 INTO result FROM my_func_extended(input); RETURN result; END; $$ LANGUAGE plpgsql; CREATE OR REPLACE FUNCTION my_func_extended( IN input text, OUT col1 text, OUT col2 BIGINT ) RETURNS SETOF record AS 'MODULE_PATHNAME', 'my_func_extended' LANGUAGE C STRICT PARALLEL SAFE;I need to prevent direct execution of
my_func_extendedfrom psql while still allowing it to be called from within the wrapper functionmy_func.I’m considering the following options:
- Using GRANT/REVOKE in SQL to manage permissions.
- Adding a check in the C function to allow execution only if
my_funcis in the call stack (previous parent or something), and otherwise throwing an error.Is there an existing approach to achieve this, or would you recommend a specific solution?
You can use fmgr hook, and hold some variable as gate if your function my_func_extended can be called
With this option, the execution of my_func_extended will be faster, but all other execution will be little bit slower (due overhead of hook). But the code probably will be more simpler than processing callback stack.
plpgsql_check uses fmgr hook, and it is working well - just there can be some surprises, when the hook is activated in different order against function's execution, and then the FHET_END can be executed without related FHET_START.
Regards
Pavel
Best regards,
Ayush Vatsa
AWS
В списке pgsql-hackers по дате отправления: