PostgreSQL 9.0 arrives with many new features
Posted Sep 21, 2010 22:19 UTC (Tue) by jberkus (subscriber, #55561)
The alternative is SECURITY DEFINER functions. However, most web developers don't care much for stored procedures. And, like setuid bits on files, security definer functions are potentially dangerous if not completely locked down.
In either case, you've given someone a complex way of solving their problem which requires more than a bit of database knowledge. If that person is a web GUI developer who is Just Trying To Get The Job Done, they instead end up running the web app with superuser or database owner permissions. As, indeed, SugarCRM did (and maybe still does).
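What "locked down" looks like for the SECURITY DEFINER approach mentioned above, as an added example that is not part of the original comment. The roles `app_owner` and `webapp`, the schema `app`, the `accounts` table and the `change_email` function are all hypothetical names constructed for illustration.

```sql
-- Added example; every role, schema, table and function name is hypothetical.
-- Run as a superuser. One transaction, so the function is never callable
-- by PUBLIC between CREATE FUNCTION and REVOKE.
BEGIN;

CREATE ROLE app_owner NOLOGIN;   -- owns the data and the function, never logs in
CREATE ROLE webapp LOGIN;        -- the role the web application connects as

CREATE SCHEMA app AUTHORIZATION app_owner;

CREATE TABLE app.accounts (
    id      serial PRIMARY KEY,
    email   text NOT NULL UNIQUE,
    pw_hash text NOT NULL
);
ALTER TABLE app.accounts OWNER TO app_owner;

-- The web role can see the schema but has no direct rights on the table.
REVOKE ALL ON app.accounts FROM PUBLIC;
GRANT USAGE ON SCHEMA app TO webapp;

-- One narrow operation, executed with the owner's privileges.
CREATE FUNCTION app.change_email(p_id integer, p_new_email text)
RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
-- Pin the search path so the caller cannot make the function resolve
-- names to objects the caller created; pg_temp is searched last.
SET search_path = app, pg_temp
AS $$
BEGIN
    UPDATE app.accounts SET email = p_new_email WHERE id = p_id;
END;
$$;
ALTER FUNCTION app.change_email(integer, text) OWNER TO app_owner;

-- Functions are executable by PUBLIC by default: remove that, then grant
-- EXECUTE only to the role that needs it.
REVOKE ALL ON FUNCTION app.change_email(integer, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.change_email(integer, text) TO webapp;

COMMIT;

-- Check the result: what webapp may do directly versus through the function.
SELECT has_table_privilege('webapp', 'app.accounts', 'UPDATE')   AS direct_update,
       has_function_privilege('webapp',
           'app.change_email(integer, text)', 'EXECUTE')         AS via_function;
```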
Posted Sep 22, 2010 5:06 UTC (Wed) by flewellyn (subscriber, #5047)