Hi Luke, Chris,

On Sat, Jul 9, 2011 at 10:51 PM, Luke <[email protected]> wrote:

> On Sat, 9 Jul 2011, Chris Travers wrote:
>
> > As I am starting into this there are a couple of necessary changes.
> >
> > The biggest is that rewrite rules are not going to be good ideas here.
> > They effectively prevent permissions from being properly enforced on
> > the DDL level.  Triggers have the same problem.  Therefore looking at
> > requiring modules to have their own stored procs for inserting file
> > attachments.
> >
> > I am not sure what happens with triggers and inheritance and so not
> > going down that road, but using rewrite rules only.....
> >
> > Feedback on this would be appreciated.
>
> Unfortunately, I at least can't provide any.  I do not understand what you
> mean by "rewrite rules".
>

Same here. I assume you mean the CREATE RULE statements, however, I have no
experience with them.


> All I can suggest, which you've probably already considered, is to push as
> much functionality as high as possible, and enforce permissions by shell
> procs at the module level.  Keep the main logic above that.


>From a design point not as nice: lots of duplicated procs, but otoh, if it
allows "easy" enforcement of authorizations, I'm all for it!

Bye,

Erik.
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Ledger-smb-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel

Reply via email to