| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Pavel Stehule" <pavel(dot)stehule(at)hotmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: security definer default for some PL languages (SQL/PSM)? |
| Date: | 2007-01-07 16:47:30 |
| Message-ID: | 13058.1168188450@sss.pgh.pa.us |
| Lists: | pgsql-hackers |

"Pavel Stehule" <pavel(dot)stehule(at)hotmail(dot)com> writes:
> The SQL/PSM default for SQL procedures is SECURITY DEFINER (like views), but
> the PostgreSQL default is SECURITY CALLER. Is it acceptable to define the
> security flag depending on the language used?

I'd vote no, even if Peter is wrong and you're right about what the spec
says. A PL gets to set the rules within its function body, not outside.
Next you'll be telling us that the standard requires that the CREATE
FUNCTION not use a dollar-quoted function body ... to which the answer
will be "too bad". I think the principle of least surprise dictates
that security properties shouldn't be inconsistent across PLs.

regards, tom lane