2011/6/16 Manuel Gysin <manuel.gysin@xxxxxxxxxxxxxxxxx>: >>From: "Pavel Stehule" <pavel.stehule@xxxxxxxxx> >> >>Hello >> >>try to use a security definer functions >> >>http://www.postgresql.org/docs/current/static/sql-createfunction.html >> >>inside this function you can access to resourcess thats are no >>available from outer for web user >> >>Regards >> >>Pavel Stehuke > > I understand the idea behind it but it does not protect me when someone can dump the whole database. > He can simply change the user credentials and can access this function. But anyway thanks for the hint, it's useful to improve security! > if attacker can dump a database, then any protection is terrible hard or impossible :( if you store some very good salted hash instead password to database, then access to dump isn't helpful for attacker. Regards Pavel Stehule p.s. any security protections are thin without full control over server. -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
