| From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | Phil Frost <indigo(at)bitglue(dot)com> |
| Subject: | Re: lastval exposes information that currval does not |
| Date: | 2006-07-06 00:57:08 |
| Message-ID: | 200607051757.08827.jd@commandprompt.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> I am well aware of what security definer means. The significant part of
> this example is that lastval() will allow the caller to see the value of
> a sequence where currval('seq') will not. This means that things which
> might have been forbidden in 8.0 are now accessible in 8.1.
>
> It also means that revoking usage on a schema is not sufficient to
> prevent a user from accessing things within that schema, a property that
> makes me quite uncomfortable.
Then the public schema must drive you nuts :). If you were to create the
function as a non-super user you would probably be good.
Joshua D. Drake
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq
--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Stark | 2006-07-06 01:14:21 | Re: Scan Keys |
| Previous Message | Phil Frost | 2006-07-06 00:25:02 | Re: lastval exposes information that currval does not |