[Pljava-dev] Re: PL Java Security (sqlj / owner postgres)
Thomas Hallgren
thhal at mailblocks.com
Sun Feb 6 18:34:17 UTC 2005
Ing. Filip Hrbek wrote:
>
> > Filip,
> > > SQLJ Schema security:
> > > -----------------------------------
> > > The SQLJ schema is authorized to user postgres.
> > >
> > Why? In my installation, I don\'t have a postgres user. Is
> \"postgres\" a
> > non-superuser in your setup?
>
> Yes, you are right. There is no reason to have a \"postgres\" user. I
> am just used to have it as a default (and the only) superuser.
>
> I wrote the \"checkIfConnectedAsSuperuser\" method in the source (I
> can see it already in CVS :-), this check should be sufficient. The
> SQLJ schema and its object can be owned by another supersuser who is
> deploying pl/Java, not only by the default \"postgres\" user. The only
> important thing is that the SQLJ objects owner has the superuser flag
> \"on\".
Ok, great. I removed the use of "postgres" user. I also added so that
only user that have CREATE permissions on a schema can do set_classpath
on that schema. I added a note about security inthe userguide.html.
- thomas
More information about the Pljava-dev
mailing list