Re: SECURITY DEFINER changes CURRENT_USER?

From: Matthew Horoschun <mhoroschun(at)canprint(dot)com(dot)au>
To: Chris Travers <chris(at)travelamericas(dot)com>
Cc: pgsql-sql(at)postgresql(dot)org
Subject: Re: SECURITY DEFINER changes CURRENT_USER?
Date: 2003-07-20 06:19:07
Message-ID: 119F16EC-BA7A-11D7-9764-000393B3A702@canprint.com.au
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-sql

Hi Chris,

You want to use "session_user".

> I would expect this to change the password of the user currently
> logged in but instead it changes MY password. Evidently when a
> function is called which is set to SECURITY DEFINER, it changes the
> context of the current user. The CURRENT_USER then returns the name
> of the definer rather than the invoker of the function.
>
> So this being said-- are there any workarounds that don't allow anyone
> to change anyone else's password?

Cheers

In response to

Browse pgsql-sql by date

  From Date Subject
Next Message Stephan Szabo 2003-07-20 06:20:00 Re: Return a set of values from postgres Function
Previous Message Stephan Szabo 2003-07-20 06:15:01 Re: changing an update via rules