Обсуждение: Triggers to allow user create table?

Had a question on best approach with some security issues around on the fly table creation by a user.

I want to users to create dynamic tables from the application. This means that the user logged in should have create table privileges at the database level. Assuming this is a security risk for allowing all users to have table creation privileges. is it possible to create some sort of trigger to allow the user to create table when ready and once it's done revoke it automatically?

What is the best approach conceptual wise and security wise when dealing with these situations? The less the user can do on the database the better it is?

Thanks!

See the SECURITY DEFINER option for CREATE FUNCTION. This way you
don't have to give them create table privileges, but they can still
create a table through your function. You'll need to use EXECUTE to
create a table in pl/pgsql.




On May 27, 2007, at 4:50 PM, CAJ CAJ wrote:

> Had a question on best approach with some security issues around on
> the fly table creation by a user.
>
> I want to users to create dynamic tables from the application. This
> means that the user logged in should have create table privileges
> at the database level. Assuming this is a security risk for
> allowing all users to have table creation privileges. is it
> possible to create some sort of trigger to allow the user to create
> table when ready and once it's done revoke it automatically?
>
> What is the best approach conceptual wise and security wise when
> dealing with these situations? The less the user can do on the
> database the better it is?





John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL