Quick Links

Re: Irreversible SET ROLE

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Bryn Jeffries <bryn(dot)jeffries(at)sydney(dot)edu(dot)au>
Cc:	"pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject:	Re: Irreversible SET ROLE
Date:	2014-12-02 00:39:33
Message-ID:	10703.1417480773@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Bryn Jeffries <bryn(dot)jeffries(at)sydney(dot)edu(dot)au> writes:
> I have a question about preventing SET ROLE from being reset within a session.

You can't; per SQL standard, SET ROLE NONE is supposed to do exactly that.

I think you might be able to do something with invoking untrusted code
inside a SECURITY DEFINER function. That context disables both SET ROLE
and SET SESSION AUTHORIZATION. I would not want to bet a lot on that
being bulletproof, however.

regards, tom lane

In response to

Irreversible SET ROLE at 2014-12-01 21:14:53 from Bryn Jeffries

Responses

Re: Irreversible SET ROLE at 2014-12-02 00:50:58 from Bryn Jeffries

Browse pgsql-general by date

	From	Date	Subject
Next Message	David G Johnston	2014-12-02 00:49:41	Re: Merge rows based on Levenshtein distance
Previous Message	mongoose	2014-12-01 23:48:41	Merge rows based on Levenshtein distance