Re: [GENERAL] What user to defaults execute as?

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [GENERAL] What user to defaults execute as?
Date: 2002-10-30 20:40:02
Message-ID: 20021030204002.GA7210@wolff.to
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-hackers

On Wed, Oct 30, 2002 at 14:03:21 -0600,
>
> While I am not sure about triggers, it certainly is possible to get
> a similar effect be having the referenced function run with the security
> of the definer.

I read some more on triggers and found that according to the documentation,
they appear to run as the user doing the insert, update or delete and
are specifically noted to be dangerous. And while using the execute as
definer can allow a trigger writer to provide limited access to the invoker,
it doesn't protect the invoker from the trigger writer. It seems unlikely
that triggers should be doing things to objects that the trigger owner
doesn't have rights to. And this might be another place where using the
access of the owner would be better than using that of the invoker.

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Kevin Old 2002-10-30 20:42:04 Re: [SQL] Database Design tool
Previous Message s-psql 2002-10-30 20:13:39 Re: permission prob: granted, but still denied

Browse pgsql-hackers by date

  From Date Subject
Next Message Rod Taylor 2002-10-30 20:49:30 Re: 7.2.3 vacuum bug
Previous Message Neil Conway 2002-10-30 20:38:31 Re: 7.2.3 vacuum bug