我可以在 postgres 中创建一个组/用户角色,以便它只能执行预定义的功能吗?

发布于 2024-10-01 07:00:07 字数 560 浏览 3 评论 0原文

我想创建一个数据库用户,它将使用我的预定义函数(登录(pass,login),get_users_you_are_in_charge_off(login,pass)等)。

因为这应该对任何人开放,所以我想创建一个数据库用户/组角色,只允许该用户执行我的预定义函数。

问题是这些函数使用 SELECT、UPDATE、INSERT。当我只授予执行这些函数的权限时,它们会抛出错误,表明它们没有执行此操作的权限。

有什么想法吗? (也许我可以静态地更改函数内的角色?)

// 回答一些评论 对于第 1 条评论:好的,我会看一下,如果对我有帮助的话会回复。谢谢。好的,谢谢您的回答,这正是我所需要的。感谢用户“plundra”!

致第二条评论: 我已经有一个表或用户(及其登录名)。但是如果我创建一个函数 checkLogin(name, pass),该函数需要从表 users 中进行选择。如果我不授予用户执行 SELECTS 的权限,它就不起作用。如果我确实授予了权限,那么用户就可以从用户中执行 SELECT * ;并查看密码是什么。

好的,谢谢您的回答,第一条评论正是我所需要的。感谢用户“plundra”!

I want to make a database user, which would use my predefined functions (login(pass, login), get_users_you_are_in_charge_off(login, pass) etc.).

Because this should be open to anybody, i want to create a db user/group role that would only allow that user to execute my predefined functions.

The problem is that those functions use SELECT, UPDATE, INSERT. And when I only give rights to execute the functions, they throw errors, that they don't have permisions to do that.

Any ideas? (Maybe i could statically change a role inside the functions?)

// TO answer some of the comments
To 1th comment: OK, I will look at it and reply if it can help me. Thanks. OK, thanks for your answer, it is EXACTLY what I need. Thanks user "plundra"!

To 2th comment:
I already have a table or users (with their logins). But if I make a function checkLogin(name, pass), that function needs to select from the table users. And if I don't give right to the user to do SELECTS, it doesn't work. If I do give the rights, then the user can just do SELECT * from users; and see what the passwords are.

OK, thanks for your answers, the first comment is EXACTLY what I need. Thanks user "plundra"!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

小梨窩很甜 2024-10-08 07:00:07

答案是,不要将密码存储在数据库中。

相反,存储盐和密码哈希(都是文本字段)。

创建新用户时,您随机创建盐,用该盐对他们选择的密码进行哈希处理,然后存储哈希值。

要对某人进行身份验证,请获取他们输入的密码、存储在用户记录中的盐,通过哈希算法(SHA1 等)运行它们,并将其与存储的哈希进行比较。

虽然概念很简单,但细节可能会困扰您,因此值得使用 其他人的代码< /a> 为此。

The answer is, don't store passwords in the database.

Instead, store salts and password hashes (both text fields).

When creating a new user, you create the salt randomly, hash their selected password with that, and store the hash.

To authenticate someone, take the password they enter, the salt stored in their user record, run them through your hash algorithm (SHA1, etc.), and compared it to the stored hash.

Although easy in concept, the details can bite you, so it's worth using someone else's code for this.

南街九尾狐 2024-10-08 07:00:07

查看 postgresql.org/docs/current/static/sql-createfunction.html 上的“SECURITY DEFINER” – plundra

由用户 plundra 回答。这就是我需要的,谢谢:)

Check out "SECURITY DEFINER" at postgresql.org/docs/current/static/sql-createfunction.html – plundra

Answered by user plundra. Thats what I needed, thanks :)

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文