On Tue, Aug 23, 2011 at 3:09 PM, Dimitri Fontaine <dimi...@2ndquadrant.fr> wrote: > Tom Lane <t...@sss.pgh.pa.us> writes: >> We'll add a new boolean parameter to extension control files, called say >> "dba_create" (ideas for better names welcome). If it's missing or set >> to false, there's no change in behavior. When it's true, then >> >> (a) you must be superuser or owner of the current database to create the >> extension; >> >> (b) the commands within the extension's script will be run as though by a >> superuser, even if you aren't one. > > That's called sudo on linux. I propose that we stick to such a name.
Actually, this is somewhat more like UNIX setuid (2). When I first started using SECURITY DEFINER functions, I thought of it as being "like sudo." But it's really "like setuid". -- When confronted by a difficult problem, solve it by reducing it to the question, "How would the Lone Ranger handle this?" -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers