Gregory Stark wrote:
> Consider a scenario like "package <x> uses dblink". Sysadmin follows
> instructions for package <x> and installs dblink. Now package <x>'s
> documentation isn't going to explain the second-order effects and discuss
> restricting who has access to dblink. The sysadmin has no particular interest
> in using dblink himself and probably will never read any dblink docs.
>
> On the other hand if dblink can't be executed by random users then when
> package x tells you to install dblink it will also tell you to grant access to
> the user that package runs as. The sysadmin can consider which users that
> should be.


See my last email...

Consider a scenario like "package <x> uses <arbitrary function y in an untrusted language z>". Exact same concerns arise.

Joe
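
Added example, not part of the original thread and not code from the dblink project: one way a sysadmin could apply the model described in the quoted text, revoking EXECUTE on the dblink functions from PUBLIC, granting it only to the role the package runs as, and then auditing who can still call them. The role name package_x_role is hypothetical, and the script assumes that only dblink's own functions have names starting with "dblink".

```sql
-- Assumption: package_x_role is a hypothetical role that package <x> runs as.
-- Assumption: only dblink's functions match the name pattern 'dblink%'.
BEGIN;

DO $$
DECLARE
    f regprocedure;
BEGIN
    FOR f IN
        SELECT p.oid::regprocedure
        FROM pg_proc p
        WHERE p.proname LIKE 'dblink%'
    LOOP
        -- Functions are executable by PUBLIC by default, so remove that first.
        EXECUTE format('REVOKE EXECUTE ON FUNCTION %s FROM PUBLIC', f);
        -- Then grant access explicitly to the one role that needs it.
        EXECUTE format('GRANT EXECUTE ON FUNCTION %s TO package_x_role', f);
    END LOOP;
END
$$;

-- Audit: every non-superuser role that can still execute a dblink function,
-- whether through a direct grant, role membership, or PUBLIC.
SELECT p.oid::regprocedure AS dblink_function,
       r.rolname           AS role_with_execute
FROM pg_proc p
CROSS JOIN pg_roles r
WHERE p.proname LIKE 'dblink%'
  AND NOT r.rolsuper
  AND has_function_privilege(r.oid, p.oid, 'EXECUTE')
ORDER BY p.proname, r.rolname;

COMMIT;
```

The same audit query works for the case Joe raises: change the filter on pg_proc to select any other set of functions whose EXECUTE privilege should be reviewed.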
