On Wed, Mar 31, 2004 at 03:53:22PM -0500, Mike Mascari wrote: > 2) PostgreSQL allows the use of functions in WHERE clauses that can > modify the database. Oracle does not. A side effect is that if a > user has the ability to write a function, regardless of whether or > not the language is trusted, they can by-pass the use of views as > security: > > http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=3D02B372.B6A4EFB6%40mascari.com&rnum=2&prev=/groups%3Fq%3DMike%2BMascari%2Bsecurity%2Bhole%26ie%3DUTF-8%26oe%3DUTF-8%26hl%3Den Yes, but Oracle has much more advanced support for row-level security. Look for Fine-Grain Access Controll in the docs. Also, Oracle does allow for DML in SELECT queries; look up autonomous transactions. -- Jim C. Nasby, Database Consultant jim@nasby.net Member: Triangle Fraternity, Sports Car Club of America Give your computer some brain candy! www.distributed.net Team #1828 Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming, or what?" ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
