ox-it / ords

Automatically exported from code.google.com/p/ords

Enhance security on dump upload #738

Open thestoat opened 8 years ago

thestoat commented 8 years ago

When importing a dump file, it is possible to include grant and alter statements in them that could compromise the integrity of other databases. Either

  1. these should be stripped out or
  2. a user should be used to import them that does not have Postgres authority to cause such damage

jajwilson commented 8 years ago

Sure - do whatever is easiest. Is there any way that we could ensure that such dangerous statements are omitted when we create sql dumps of databases already in ORDS, or is that just something that psql does which we have no influence over?

thestoat commented 8 years ago

That is something to consider, but of course we will still need to parse the file on input.

thestoat commented 8 years ago

In thinking about this issue, I don't think we can simply strip out grant commands - that would be too much effort, only to have them reintroduced at a later stage. For example, exporting a db through ORDS will create a file with appropriate grant commands - reimporting them into the database will run those commands and that could be useful.

I think the best thing to do is to allow grant commands, but once a db has been imported, the db should have permissions changed appropriately depending on project members currently defined, as is currently the case for other databases upon creation.

scottbw commented 8 years ago

When you call pg_dump, just add "--no-acl" and it will strip out any grant/revoke commands. So it is simple enough to do if it's desirable.
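
The two sides of this discussion, as an added example (not ORDS project code): the export side uses the pg_dump flags that omit privilege statements (`--no-acl`, also spelled `--no-privileges`, and `--no-owner`), and the import side is the "parse the file on input" check thestoat mentions, here a line-based scan that flags GRANT, REVOKE and ALTER ... OWNER TO statements before a dump is handed to psql. The sample dumps, database names and role names below are constructed for the demo. The scan is deliberately simple: a statement split across lines or hidden inside a dollar-quoted function body would slip past it, which is why the thread's second option, importing as a role that lacks the privileges to affect other databases, remains the control that actually bounds the damage.

```shell
#!/bin/sh
# Added example, not ORDS project code. Two defensive pieces around the thread's
# options: (1) an import-side scan that flags GRANT/REVOKE and ALTER ... OWNER TO
# statements in a dump, and (2) the pg_dump flags that keep them out of exports.
# Sample dumps below are constructed for the demo; database and role names are made up.

PRIV_RE='^[[:space:]]*(GRANT|REVOKE|ALTER[[:space:]].*[[:space:]]OWNER[[:space:]]+TO)[[:space:]]'

# Print the number of privilege-affecting statement lines in a dump file.
count_dump_privilege_lines() {
    # grep -c prints 0 and exits 1 when nothing matches; the || true keeps set -e happy.
    grep -c -i -E "$PRIV_RE" "$1" || true
}

# Return 0 if the dump is clean, 1 if it contains such statements (listed on stderr).
check_dump_privileges() {
    hits=$(grep -n -i -E "$PRIV_RE" "$1" || true)
    if [ -n "$hits" ]; then
        printf 'privilege-affecting statements in %s:\n%s\n' "$1" "$hits" >&2
        return 1
    fi
    return 0
}

# Export side: --no-acl (alias --no-privileges) omits GRANT/REVOKE, --no-owner omits
# ALTER ... OWNER TO. Wrapped in a function so nothing is dumped unless it is called.
dump_without_privileges() {
    pg_dump --no-acl --no-owner --file="$2" "$1"
}

# Constructed sample: a dump carrying statements that reach beyond the database being imported.
SAMPLE_UNSAFE=$(mktemp)
cat > "$SAMPLE_UNSAFE" <<'EOF'
-- constructed sample dump (not a real ORDS export)
CREATE TABLE public.specimens (id integer, name text);
GRANT ALL ON DATABASE other_db TO some_role;
ALTER TABLE public.specimens OWNER TO postgres;
REVOKE CONNECT ON DATABASE other_db FROM PUBLIC;
INSERT INTO public.specimens VALUES (1, 'fern');
EOF

# Constructed sample: a clean dump; the word "grant" inside a data row must not be flagged.
SAMPLE_SAFE=$(mktemp)
cat > "$SAMPLE_SAFE" <<'EOF'
-- constructed sample dump (not a real ORDS export)
CREATE TABLE public.notes (id integer, body text);
INSERT INTO public.notes VALUES (1, 'grant access to room 12');
EOF
trap 'rm -f "$SAMPLE_UNSAFE" "$SAMPLE_SAFE"' EXIT

for f in "$SAMPLE_UNSAFE" "$SAMPLE_SAFE"; do
    if check_dump_privileges "$f" 2>/dev/null; then
        echo "$f: clean, safe to hand to psql"
    else
        echo "$f: $(count_dump_privilege_lines "$f") flagged line(s), review before import"
    fi
done
```

Run as-is to see the first sample flagged with three lines and the second pass; `dump_without_privileges mydb out.sql` is only invoked when a database name is supplied, and a dump produced that way contains nothing for the import-side check to report.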

thestoat commented 8 years ago

Thank you Scott :-)