2009/10/19 Stephen Frost <sfr...@snowman.net>: > * Pavel Stehule (pavel.steh...@gmail.com) wrote: >> 2009/10/19 Stephen Frost <sfr...@snowman.net>: >> > * Pavel Stehule (pavel.steh...@gmail.com) wrote: >> >> Superuser permission could not be a problem. Simple security definer >> >> function can do it. >> > >> > Then you've defeated the point of making it superuser-only. >> >> no. Because when I write security definer function, then I explicitly >> allow an writing for some roles. When I don't write this function, >> then GUC is secure. > > And what happens when those 'some roles' are used by broken > applications? You don't get to say "make it superuser only" and then > turn around and tell people to hack around the fact that it's superuser > only to be able to use it. That's not a solution.
You don't understand me. When I would to have a secure environment, then I don't write this function. So there will not be a posibility to change application name from session. Pavel > > Stephen > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAkrchUYACgkQrzgMPqB3kij8nACfUrF/wkpsORpXiN0QgbXvONdi > ghYAn19MpPNnRrf9BxmIOVBRR212JU6c > =c5tL > -----END PGP SIGNATURE----- > > -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
