Posted Sep 21, 2010 22:19 UTC (Tue) by jberkus (guest, #55561)
In order for the application to make DDL changes at runtime, the application role needs to have unrestricted permissions on at least some tables. This creates a security hole if the web application is compromised.
The alternative is SECURITY DEFINER functions. However, most web developers don't care much for stored procedures. And, like setuid bits on files, security definer functions are potentially dangerous if not completely locked down.
In either case, you've given someone a complex way of solving their problem which requires more than a bit of database knowledge. If that person is a web GUI developer who is Just Trying To Get The Job Done, they instead end up running the web app with superuser or database owner permissions. As, indeed, SugarCRM did (and maybe still does).
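An added example, not part of the comment above and not SugarCRM's code, showing what "completely locked down" means for a SECURITY DEFINER wrapper: the weak form beside the hardened one. The role, table and function names are assumptions, and the script assumes it is run by the table owner (who may SET ROLE to the application role).

```sql
-- Added example: a SECURITY DEFINER wrapper that lets the application add a
-- column to one table without holding DDL rights itself.
-- Role, table and function names are assumptions for illustration.

-- The application connects as this role; it must never own the tables.
CREATE ROLE app_user LOGIN PASSWORD 'placeholder-change-me';
CREATE TABLE contacts (id serial PRIMARY KEY, name text NOT NULL);
GRANT SELECT, INSERT, UPDATE, DELETE ON contacts TO app_user;
GRANT USAGE ON SEQUENCE contacts_id_seq TO app_user;

-- Weak version: runs with the owner's rights, but the table and column names
-- are spliced into the DDL unchecked, and because PostgreSQL grants EXECUTE
-- to PUBLIC by default, every role in the database can call it.
CREATE FUNCTION add_attribute_weak(tbl text, col text)
RETURNS void LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
  EXECUTE 'ALTER TABLE ' || tbl || ' ADD COLUMN ' || col || ' text';
END $$;
DROP FUNCTION add_attribute_weak(text, text);   -- shown only for contrast

-- Locked-down version:
--   * the target table is fixed, so the caller cannot pick another one;
--   * the column name is validated and passed through quote_ident(), so it
--     cannot smuggle in further DDL;
--   * search_path is pinned, so a caller cannot plant a look-alike object in
--     a schema that would otherwise resolve first;
--   * EXECUTE is revoked from PUBLIC and granted only to the application role.
CREATE FUNCTION add_contact_attribute(col text)
RETURNS void LANGUAGE plpgsql SECURITY DEFINER
SET search_path = pg_catalog, public AS $$
BEGIN
  IF col !~ '^[a-z][a-z0-9_]{0,62}$' THEN
    RAISE EXCEPTION 'invalid attribute name: %', col;
  END IF;
  EXECUTE 'ALTER TABLE public.contacts ADD COLUMN '
          || quote_ident(col) || ' text';
END $$;
REVOKE EXECUTE ON FUNCTION add_contact_attribute(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION add_contact_attribute(text) TO app_user;

-- As the application role: allowed through the wrapper, refused directly.
SET ROLE app_user;
SELECT add_contact_attribute('phone');       -- succeeds
ALTER TABLE contacts ADD COLUMN fax text;    -- fails: app_user does not own contacts
RESET ROLE;
```

The last ALTER is expected to fail; in psql with autocommit it simply reports the permission error and the script continues.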
PostgreSQL 9.0 arrives with many new features
Posted Sep 22, 2010 5:06 UTC (Wed) by flewellyn (subscriber, #5047)
Fair enough. I suppose if all you need is extensible attributes without integrity checks, runtime DDL is overkill as well.