Re: [GENERAL] What user to defaults execute as?

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [GENERAL] What user to defaults execute as?
Date: 2002-11-02 05:55:42
Message-ID: 20021102055542.GA3848@wolff.to
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-hackers

On Fri, Nov 01, 2002 at 21:35:40 -0500,
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> wrote:
>
> I think we open up more security problems by having the inserter doing
> things as the owner of the table.

With triggers it is a bit hard to decide. Since people other than the
table owner can create them, but then they effectively belong to the
table owner. I think that makes having them execute as the table
owner reasonable. The table owner is taking his chances by letting
other people create triggers on his table.

For constraints and default expressions I don't see any problems for
having them execute as the table owner. This provides a small advantage
in providing limited update ability for sequences, that would otherwise
require creating a function to achieve.

As long as people realize that when they insert, update or delete from
a table owned by someone else they need to trust that person it probably
isn't a big deal. The descriptions of triggers hint at this but from
a different perspective (that of a table owner letting people create
triggers on his table) and people might not make the connection (assuming
they even read about triggers).

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Tom Lane 2002-11-02 06:01:11 Re: [GENERAL] What user to defaults execute as?
Previous Message Bruce Momjian 2002-11-02 05:47:57 Re: [GENERAL] What user to defaults execute as?

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2002-11-02 06:01:11 Re: [GENERAL] What user to defaults execute as?
Previous Message Bruce Momjian 2002-11-02 05:47:57 Re: [GENERAL] What user to defaults execute as?