Thu Oct 2 08:25:26 PDT 2008
- Previous message: [Slony1-general] Method for discovering the origin of a set
- Next message: [Slony1-general] Method for discovering the origin of a set
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 2008-10-02 at 11:18 -0400, Bill Moran wrote: > In response to "Vivek Khera" <vivek at khera.org>: > > > > Before I issue a GRANT to allow select rights on that table to anyone > > > who tries, my questions are: > > > * Is there any inherent danger in allowing SELECT on that table to > > > normal users? > > > * Is there a better way (I looked for a store procedure, such as > > > getlocalnodeid(), but if it exists, I'm not seeing it in the docs) > > > > Can't you define a function that does that query and returns > > true/false as necessary, and is declared as SECURITY DEFINER so that > > it runs with sufficient privileges? > > That's what I'm doing ;) > > What I'm wondering now is if such a function doesn't really belong in > the core of Slony's built in functions? I vote yes for a function that says "am I the origin of set x". As for putting in as a SECURITY DEFINER function, I vote no. Even though I don't think that piece of data is overly sensitive, Slony shouldn't make the decision to expose it to an unprivileged user - that's a decision for the DBA to make. -- Brad Nicholson 416-673-4106 Database Administrator, Afilias Canada Corp.
- Previous message: [Slony1-general] Method for discovering the origin of a set
- Next message: [Slony1-general] Method for discovering the origin of a set
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Slony1-general mailing list