Project

General

Profile

PatternMatch » History » Revision 2

Revision 1 (bford -, 05/11/2006 06:52 PM) → Revision 2/6 (bford -, 05/11/2006 06:57 PM)

= Pattern Match Feature = 

 Also known as allowable objects, this feature allows the administrator to configure the DSN to only see specific objects within the database. This feature was created because PostgreSQL allows any user to see objects within the database regardless of permission. 

 '' Note that this is a secure through obscure type feature and is not a replacement for good and solid role implementation. '' 

 The rules for this feature are below: 

  * Applies to {{{ 
 it apply pattern expressed in ALLOWED_OBJECTS. Can be configured within the from field ALLOWED_OBJECTS of connection string or DSN management. 
  * Works against tables, schemas and sequences. 
  * A to all objects in FROM parameter within the query must construction, except functions. 
 Query will be in place for this to work: 
    * For example checked only if you user connects using another method and creates a function that gets to the data you want seen this feature will not help you. 
  * For peformance reasons if there is not a it have FROM construction within the SQL statement, the statement will not be parsed by this feature. construction. 

 Capabilities: 

  * Pattern is - pattern case sensitive 
 - if pattern contains only table name, this table is in public scheme. E.g. 
    info*.*, tabl_* 
 same as 
    info*.*, public.tabl_* 
 - if query contains table name without schema name - for checking used public pattern. 


 }}}