[cap-talk] capabilities in relational databases
Sam Mason
sam at samason.me.uk
Sat Apr 12 13:02:44 CDT 2008
On Sat, Apr 12, 2008 at 07:24:36PM +0200, Rob Meijer wrote:
> To me it would appear that something like the following would be much more
> in line with the capabilities paradigm:
>
> CREATE VIEW a7b3npqs87g3nchly682 AS SELECT * FROM t WHERE n < 10;
> GRANT SELECT ON a7b3npqs87g3nchly682 TO ALL
>
> By using a strong name for the view and NOT limiting access based on
> user or role, the view name would be usable as a simple password capability,
> separate from identity or role based access controls.

Yes, that would be better still. It wouldn't work in PG because users
can enumerate all the definitions (not just names, but code as well) in
the database. Stopping this enumeration would turn this into something
like a password capability system, but presents other problems for
working with it.

Programming in RDBMSs tends to happen "inside" them, so you need to be
able to ask what names you have defined so far, which implies a need to
be able to enumerate definitions. It would be interesting to see what a
database looked like when this wasn't true; if anyone has any pointers
into groups that have tried this, I'd be interested to see them. Failing
that, I'd move into pure speculation, and however much fun that is, it's
probably not very productive.

Sam
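
Added example, not part of the original message: a PostgreSQL session showing the enumeration described above, where a role that was never given the view name recovers both the name and the defining query from the catalogs. The table `t`'s columns and rows and the role `guest` are constructed for illustration, and `PUBLIC` is used as PostgreSQL's spelling of "everyone".

```sql
-- Constructed setup, run as the owner of the data.
CREATE TABLE t (n integer, payload text);
INSERT INTO t VALUES (1, 'low'), (50, 'high');

-- The unguessable view name is meant to act as the secret.
CREATE VIEW a7b3npqs87g3nchly682 AS SELECT * FROM t WHERE n < 10;
GRANT SELECT ON a7b3npqs87g3nchly682 TO PUBLIC;

-- Hypothetical role that was never told the view name.
CREATE ROLE guest LOGIN;
SET ROLE guest;

-- The system catalogs are readable by every role by default, so the
-- "secret" name and the view's source are listed for anyone who asks.
SELECT schemaname, viewname, definition
FROM pg_views
WHERE schemaname NOT IN ('pg_catalog', 'information_schema');

-- Knowing the name is all that the PUBLIC grant requires.
SELECT * FROM a7b3npqs87g3nchly682;

-- The base table is still governed by ordinary grants; none was
-- issued to guest above, which this check reports.
SELECT has_table_privilege('guest', 't', 'SELECT');

RESET ROLE;
```

Because the catalog query succeeds for any role, the view name carries no secrecy in stock PostgreSQL and the `GRANT ... TO PUBLIC` is the only effective control.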