Search Postgresql Archives

Re: PG13 Trusted Extension usability issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"Brad Nicholson" <bradn@xxxxxxxxxx> writes:
> First, as a long time user of the pgextwlist extension, I'm happy to see
> this functionality appearing in core.  However, as a long term user of that
> extension, I can say that ability to create an extension as a non-super
> user is pretty limited in itself in a lot of cases.  Many extensions both
> in contrib and external ones (like PostGIS for example) don't give
> appropriate permissions to actually use the extension.

> Taking postgresql_fdw as an example.

I'm confused about your point here.  postgresql_fdw has intentionally
*not* been marked trusted.  That's partly because it doesn't seem like
outside-the-database access is something we want to allow by default,
but it's also the case that there are inside-the-database permissions
issues.  So no, we have not solved those, but that is not a shortcoming
of the trusted-extensions feature AFAICS.  It is not the intent of
that feature that you can randomly mark unsafe extensions as trusted
and have every one of their permissions safety-checks vanish.

			regards, tom lane





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux