PatternMatch » History » Version 2
bford -, 05/11/2006 06:57 PM
1 | 1 | bford - | = Pattern Match Feature = |
---|---|---|---|
2 | |||
3 | Also known as allowable objects, this feature allows the administrator to configure the DSN to only see specific objects within the database. This feature was created because PostgreSQL allows any user to see objects within the database regardless of permission. |
||
4 | |||
5 | 2 | bford - | '' Note that this is a secure through obscure type feature and is not a replacement for good and solid role implementation. '' |
6 | 1 | bford - | |
7 | 2 | bford - | The rules for this feature are below: |
8 | 1 | bford - | |
9 | 2 | bford - | * Applies to pattern expressed in ALLOWED_OBJECTS. Can be configured within the connection string or DSN management. |
10 | * Works against tables, schemas and sequences. |
||
11 | * A FROM parameter within the query must be in place for this to work: |
||
12 | * For example if you user connects using another method and creates a function that gets to the data you want seen this feature will not help you. |
||
13 | * For peformance reasons if there is not a FROM construction within the SQL statement, the statement will not be parsed by this feature. |
||
14 | |||
15 | Capabilities: |
||
16 | |||
17 | * Pattern is case sensitive |
||
18 | 1 | bford - | - if pattern contains only table name, this table is in public scheme. E.g. |
19 | info*.*, tabl_* |
||
20 | same as |
||
21 | info*.*, public.tabl_* |
||
22 | - if query contains table name without schema name - for checking used public pattern. |
||
23 | |||
24 | |||
25 | }}} |