Josh Berkus wrote:
Mike,
I think most people coming from any other enterprise-class RDBMS
environment will be surprised that they cannot use VIEWs to provide
user-specific views on data. I could be wrong, but I'd put money on it...
Well, I'd say that giving regular users the "create" permission on your database/schema is unwise, period. I don't, even when the only user is "phpuser". SQL injection attacks are no fun.
Also, as Andrew points out, this can't be used to circumvent view-based security if you've set it up correctly; if the user can't "select * from table", then he can't write a function to "select * from table."
Seems it's a bit more complicated. Kris Jurka has explained to me how one might be able to, at least theoretically. Perhaps Mike needs to do something like:
revoke usage on language sql from public;
on his db. Then users could continue to use functions he has defined, but not subvert things via their own functions. That will certainly go into my list of db hardening tips and tricks.
cheers
andrew
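
The hardening discussed in this thread, written out for PostgreSQL as an added example (not code from any poster in the thread). It assumes the application role is the "phpuser" mentioned above, that objects live in schema public, and that plpgsql is installed; skip that REVOKE if it is not.

```sql
-- Run as the database owner or a superuser. Superusers bypass these checks.
BEGIN;

-- Josh's point: ordinary roles should not be able to create objects.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Andrew's point: USAGE on a language is checked at CREATE FUNCTION time,
-- so revoking it blocks new user-written functions while functions that
-- already exist stay callable.
REVOKE USAGE ON LANGUAGE sql FROM PUBLIC;
REVOKE USAGE ON LANGUAGE plpgsql FROM PUBLIC;  -- assumption: plpgsql is installed

COMMIT;

-- Verify from the application role's point of view: both columns should be false.
SELECT has_schema_privilege('phpuser', 'public', 'CREATE') AS can_create_in_public,
       has_language_privilege('phpuser', 'sql', 'USAGE')   AS can_write_sql_functions;

-- Audit: trusted languages PUBLIC can still use. A NULL lanacl means the
-- built-in default, which grants USAGE to PUBLIC; grantee 0 is PUBLIC.
SELECT l.lanname
FROM pg_language AS l
WHERE l.lanpltrusted
  AND (l.lanacl IS NULL
       OR EXISTS (SELECT 1
                  FROM aclexplode(l.lanacl) AS a
                  WHERE a.grantee = 0
                    AND a.privilege_type = 'USAGE'));

-- Audit: functions already owned by non-superuser roles, to review by hand.
SELECT p.oid::regprocedure AS function_signature,
       r.rolname           AS owner
FROM pg_proc AS p
JOIN pg_roles AS r ON r.oid = p.proowner
WHERE NOT r.rolsuper
ORDER BY r.rolname, 1;
```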