From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Bruno Wolff III <bruno(at)wolff(dot)to> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [GENERAL] What user to defaults execute as? |
Date: | 2002-11-02 02:35:40 |
Message-ID: | 200211020235.gA22ZeW03176@candle.pha.pa.us |
Lists: | pgsql-general pgsql-hackers |
I think we open up more security problems by having the inserter doing
things as the owner of the table.
---------------------------------------------------------------------------
Bruno Wolff III wrote:
> On Wed, Oct 30, 2002 at 14:03:21 -0600,
> >
> > While I am not sure about triggers, it certainly is possible to get
> > a similar effect by having the referenced function run with the security
> > of the definer.
>
> I read some more on triggers and found that according to the documentation,
> they appear to run as the user doing the insert, update or delete and
> are specifically noted to be dangerous. And while using the execute as
> definer can allow a trigger writer to provide limited access to the invoker,
> it doesn't protect the invoker from the trigger writer. It seems unlikely
> that triggers should be doing things to objects that the trigger owner
> doesn't have rights to. And this might be another place where using the
> access of the owner would be better than using that of the invoker.
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
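
The two execution contexts discussed in this message, as an added example that is not part of the original thread: a trigger function run with the inserter's privileges next to one declared SECURITY DEFINER. It assumes current PostgreSQL syntax (`EXECUTE FUNCTION` needs version 11 or later), and every role, schema, table and function name is hypothetical.

```sql
-- Constructed demo; all role, schema, table and function names are hypothetical.
-- Run as a superuser in a scratch database, outside a transaction block.
CREATE ROLE tbl_owner NOLOGIN;
CREATE ROLE inserter NOLOGIN;
CREATE SCHEMA demo AUTHORIZATION tbl_owner;
GRANT USAGE ON SCHEMA demo TO inserter;

SET ROLE tbl_owner;
CREATE TABLE demo.orders (id int PRIMARY KEY, note text);
CREATE TABLE demo.audit (fn text, ran_as name);
GRANT INSERT ON demo.orders TO inserter;   -- nothing is granted on demo.audit

-- Default (SECURITY INVOKER): the body is privilege-checked as whoever
-- performs the INSERT on demo.orders.
CREATE FUNCTION demo.log_invoker() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
  INSERT INTO demo.audit VALUES ('invoker', current_user);
  RETURN NEW;
END $$;

-- SECURITY DEFINER: the body is privilege-checked as the function owner, and
-- current_user inside it is that owner. search_path is pinned so unqualified
-- names cannot be resolved through a schema the caller controls.
CREATE FUNCTION demo.log_definer() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = demo, pg_temp AS $$
BEGIN
  INSERT INTO demo.audit VALUES ('definer', current_user);
  RETURN NEW;
END $$;

CREATE TRIGGER orders_audit BEFORE INSERT ON demo.orders
  FOR EACH ROW EXECUTE FUNCTION demo.log_invoker();

-- Case 1: the trigger's write to demo.audit is checked against inserter,
-- which holds no privilege on that table, so the statement is rejected.
SET ROLE inserter;
INSERT INTO demo.orders VALUES (1, 'invoker-rights trigger');

-- Case 2: swap in the definer-rights function; the same write is now
-- checked against tbl_owner, who owns demo.audit.
SET ROLE tbl_owner;
DROP TRIGGER orders_audit ON demo.orders;
CREATE TRIGGER orders_audit BEFORE INSERT ON demo.orders
  FOR EACH ROW EXECUTE FUNCTION demo.log_definer();
SET ROLE inserter;
INSERT INTO demo.orders VALUES (1, 'definer-rights trigger');

RESET ROLE;
SELECT fn, ran_as FROM demo.audit;
```

The second case is the one-directional protection described in the quoted text: the definer-rights function limits what the inserter can reach, but the inserter still runs whatever body the trigger writer supplied.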