[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposal for 2.0: SODA 2.0

Subject: Re: Proposal for 2.0: SODA 2.0
From: Adam Thompson <..hidden..>
Date: Mon, 08 Mar 2010 18:15:12 -0600

Chris Travers wrote:

I am going to make another suggestion here.  We should probably
suggest that no reporting functions should run as security definer.
This allows the same data to be accessed relationally as would be
retrieved by the function.

I'd like to see the project go one step further and declare that noread-access functions should run as SECURITY DEFINER, only write-accessfunctions.

I can't think of any real-world example I've ever run into wherecolumn-level permission granularity couldn't solve this. (Well, exceptfor really badly-designed databases that needed, effectively, row-levelsecurity!)


And there shouldn't be any functions that both read and write (I think).

--
-Adam Thompson
 <..hidden..>
 (204) 291-7950

References:
- Proposal for 2.0: SODA 2.0
  - From: Chris Travers
- Re: Proposal for 2.0: SODA 2.0
  - From: Adam Thompson
- Re: Proposal for 2.0: SODA 2.0
  - From: Chris Travers
- Re: Proposal for 2.0: SODA 2.0
  - From: Chris Travers

Prev by Date: Re: Proposal for 2.0: SODA 2.0
Next by Date: Re: Proposed Architecture Changes in 2.0 (Request for comments)
Previous by thread: Re: Proposal for 2.0: SODA 2.0
Next by thread: Re: Proposal for 2.0: SODA 2.0
Index(es):
- Date
- Thread