Skip to content
strk edited this page Nov 20, 2013 · 7 revisions

The CartoDB PostgreSQL extension is a module to load into each CartoDB user database to perform cartodb-specific security and functionality checks.

Checks

No user other than the superuser should be allowed to change statement_timeout for the session (SET statement_timeout disallowed).

User tables need to match certain structure criteria (See https://github.com/CartoDB/cartodb/wiki/CartoDB-user-table) so the extension should provide a mean to enforce such structure everytime an attempt to change structure is encountered.

Events

The events we want some function to be called upon are:

event arguments to handler function function duty OK*
SET variable name of variable forbid changing some vars
RENAME table old and new name + oid of the table flush cache
ADD/DROP/ALTER column oid of the table flush cache, cartodbfy Y
DISABLE/DROP trigger oid of table, name of trigger cartodbfy or forbid
DROP table oid of the table flush cache and metadata Y
CREATE table oid of the table cartodby Y
GRANT oid of table, privilege, role flush cache, upd metadata
REVOKE oid of table, privilege, role flush cache, upd metadata

At this stage we don't need more than this, but the number of events and the number of arguments passed to the handler function may expand in the future, so the extension should be written in a way to easily allow that.

Some of the handler will need to act after the statement is completed (CREATE TABLE, for example).

Clone this wiki locally