Quick Links

Re: Fixing insecure security definer functions

From:	Josh Berkus <josh(at)agliodbs(dot)com>
To:	pgsql-hackers(at)postgresql(dot)org
Cc:	"Zeugswetter Andreas ADI SD" <ZeugswetterA(at)spardat(dot)at>, "Peter Eisentraut" <peter_e(at)gmx(dot)net>
Subject:	Re: Fixing insecure security definer functions
Date:	2007-02-14 23:07:24
Message-ID:	200702141507.24803.josh@agliodbs.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Andreas,

> Have you considered hardcoding the schema for each object where it was
> found at creation time ? This seems more intuitive to me.

This isn't practical. Consider the schema qualification syntax for
operators.

--
--Josh

Josh Berkus
PostgreSQL @ Sun
San Francisco

Re: Fixing insecure security definer functions at 2007-02-14 09:21:36 from Zeugswetter Andreas ADI SD

	From	Date	Subject
Next Message	Tom Dunstan	2007-02-14 23:26:15	Re: "anyelement2" pseudotype
Previous Message	Heikki Linnakangas	2007-02-14 21:33:14	Re: HOT WIP Patch - version 1