[ZODB-Dev] Relstorage database permissions
Maurits van Rees
m.van.rees at zestsoftware.nl
Tue Feb 22 17:10:22 EST 2011
Hi,

Normally RelStorage creates the database tables for you and the user you
have specified is the owner of those tables. For security reasons a
client does not want this, but wants a different user to own the tables
and instead only grant some permissions to the relstorage user. I guess
theoretically there could be a bug in the relstorage code that could
lead to more problems when the relstorage user has full rights to those
tables. I am not losing any sleep over fears like that though. :-)

But putting aside a potentially distracting discussion about whether
this extra security is needed: which permissions does relstorage really
need? Select, update, insert and delete are obvious. I have seen that
packing also needs the truncate permission. Everything seems to work
with this combination.

But for that extra bit of peace of mind: am I overlooking a permission?
This is on postgres btw.

--
Maurits van Rees
Web App Programmer at Zest Software: http://zestsoftware.nl
Personal website: http://maurits.vanrees.org/
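
The setup described in the message above, as an added example that is not part of the original post or of RelStorage itself: grant the five table privileges named in the post to a non-owner role, then audit what that role can actually do. The role name `relstorage_app`, the schema `public`, and PostgreSQL 9.0 or later (for `ALL TABLES IN SCHEMA` and `has_sequence_privilege`) are assumptions.

```sql
-- Added example. 'relstorage_app' is a hypothetical runtime role and 'public'
-- an assumed schema. Run as a superuser once the owner role has created the tables.

-- 1. Exactly the five table privileges named in the post.
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM relstorage_app;
GRANT SELECT, INSERT, UPDATE, DELETE, TRUNCATE
    ON ALL TABLES IN SCHEMA public TO relstorage_app;

-- 2. Audit effective table privileges. has_table_privilege() also counts
--    rights inherited from PUBLIC, role membership or ownership, so a 't' in
--    refs/trig, or the runtime role appearing as owner, means it holds more
--    than the five privileges granted above.
SELECT c.relname                                            AS table_name,
       pg_get_userbyid(c.relowner)                          AS owner,
       has_table_privilege('relstorage_app', c.oid, 'SELECT')     AS sel,
       has_table_privilege('relstorage_app', c.oid, 'INSERT')     AS ins,
       has_table_privilege('relstorage_app', c.oid, 'UPDATE')     AS upd,
       has_table_privilege('relstorage_app', c.oid, 'DELETE')     AS del,
       has_table_privilege('relstorage_app', c.oid, 'TRUNCATE')   AS trunc,
       has_table_privilege('relstorage_app', c.oid, 'REFERENCES') AS refs,
       has_table_privilege('relstorage_app', c.oid, 'TRIGGER')    AS trig
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public' AND c.relkind = 'r'
ORDER BY c.relname;

-- 3. Sequences are a separate privilege class: table grants do not cover
--    them. List any sequences in the schema and whether the role can use them.
SELECT c.relname AS sequence_name,
       has_sequence_privilege('relstorage_app', c.oid, 'USAGE') AS can_use
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public' AND c.relkind = 'S'
ORDER BY c.relname;

-- 4. Schema- and database-level rights that sit outside table grants:
--    CREATE in the schema and TEMPORARY in the database.
SELECT has_schema_privilege('relstorage_app', 'public', 'CREATE')
           AS can_create_in_schema,
       has_database_privilege('relstorage_app', current_database(), 'TEMPORARY')
           AS can_create_temp_tables;
```

Rerun steps 2 to 4 after any schema upgrade, because tables and sequences created later by the owner role are not covered by the earlier grant.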