On 2008-12-06, at 18:21, Andrew Chernow wrote:
Looking for a way to limited a user to a specific set of queries. I
don't think this can be done right now ... or can it? Has this
feature request surfaced in the past?
I currently need this as an extra security measure for a libpq
client app (want to block arbitrary queries from malicious
attackers). The easiest way I found was to add some query_string
checks into backend/tcop/postgres.c for the 'Q' and 'P' commands in
PostgresMain(). Seems to work just fine. If it doesn't match, I
issue an ereport FATAL since that is seen as a "malicious query
execution attempt".
I think it is something rather simple to design/implement (probably
use a table of user allowed queries, support regex matches, etc..
loaded at session startup and SIGHUP).
Can it be done with views, and adjusting permissions so user is only
allowed to use few views ??
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
