On Wed, Apr 4, 2012 at 12:24 PM, leaf_yxj <leaf_yxj@163.com> wrote:
> Hi Aaron: thanks. I tried the security definer. it works well as follows :
>
> CREATE FUNCTION kill_process(integer) RETURNS boolean AS 'select
> pg_cancel_backend($1);' LANGUAGE SQL SECURITY DEFINER;
>
> ---- One more question about this function : if non-super user get the
> execute this function, he/her will have privilege to kill all the processes
> which belong to the postgresql process. How can we avoid that happing.
maybe, inside kill_process, do a quick check against pg_stat_activity
and bail if the process doesn't belong to a known usename?
merlin