Subject | AW: [firebird-support] SetUID stored procedures? |
---|---|
Author | Steffen Heil |
Post date | 2005-01-27T08:23:01Z |
Hi
All Firebird stored procedures have SetUID on, and change rights to the
owner of the stored procedure.
Example:
Table T, Stored Procedure S
User U and H
Don't give any privileges for T to U, but all to H.
Let S be owned by H.
Give execute rights for S to U.
Never give anyone credentials for H, but for U.
Now users can access T only using S.
At least this is the way I understand SQL security.
Regards,
Steffen
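
The setup described above as an isql script, added here as an example that is not part of the original post. The names T, S, U and H follow the post; the columns and the procedure body are constructed, and the table privilege is given to the procedure itself with Firebird's `GRANT ... TO PROCEDURE` form.

```sql
-- Run as H, who creates (and therefore owns) both T and S.
-- Columns and procedure body are constructed for illustration.
CREATE TABLE T (
  ID   INTEGER NOT NULL PRIMARY KEY,
  NOTE VARCHAR(100)
);

SET TERM ^ ;
CREATE PROCEDURE S (P_ID INTEGER, P_NOTE VARCHAR(100))
AS
BEGIN
  /* The only write path into T that U is meant to reach */
  INSERT INTO T (ID, NOTE) VALUES (:P_ID, :P_NOTE);
END^
SET TERM ; ^

-- The procedure carries the table privilege it needs.
GRANT INSERT ON T TO PROCEDURE S;

-- U receives no privilege on T, only the right to call S.
GRANT EXECUTE ON PROCEDURE S TO U;
COMMIT;

-- Audit the result: list every grant that touches T or S.
-- U should be listed against S only, never against T.
SELECT RDB$USER, RDB$PRIVILEGE, RDB$RELATION_NAME
FROM RDB$USER_PRIVILEGES
WHERE RDB$RELATION_NAME IN ('T', 'S')
ORDER BY RDB$RELATION_NAME, RDB$USER;

-- To test, connect as U and compare:
--   EXECUTE PROCEDURE S (1, 'via procedure');
--   SELECT * FROM T;
--   INSERT INTO T (ID, NOTE) VALUES (2, 'direct');
```

Re-run the audit query after any later GRANT to PUBLIC or to a role that U holds, since either can reopen direct access to T.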
> I was just thinking, for some of the tables that I've made,
> it would be good if I could make it so that ordinary users
> could not SELECT * (for instance) on it, nor INSERT INTO, but
> could use stored procedures that *DO* do these things. I was
> thinking that this could be implemented by marking those
> stored procedures as having been marked SetUID by a
> particular user, and so they would run with the privs of that
> user (similar to UNIX). I don't think this is possible on
> any other platform, but I could be wrong. Is this possible
> on Firebird right now? I couldn't see anything like that in
> the manual... (Mind, not even PostgreSQL has it, and they
> seem to have *everything* under the sun...) :)

It is possible right now.