Re: [ANNOUNCE] Advisory on possibly insecure security definer functions

From: Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: [ANNOUNCE] Advisory on possibly insecure security definer functions
Date: 2007-02-17 14:15:25
Message-ID: 20070217141525.GC4468@merkur.hilbert.loc
Lists: pgsql-general pgsql-hackers

On Sat, Feb 17, 2007 at 01:26:34PM +0900, Tatsuo Ishii wrote:

> But if we insert a set schema search_path command in an SQL function,
> the caller will be affected by it. Doing reset search_path before
> returning to caller might solve some of the problems, but it will not
> recover caller's special search_path. How do you solve the problem?

Schema-qualifying object accesses would be tedious,
omission-prone but not liable to the above problem.

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
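
An added example, not part of the original message or the advisory: a SECURITY DEFINER function written with unqualified names, the same function with every object access schema-qualified, and a catalog query for finding functions that still need review. The function body issues no search_path command, so the caller's setting is left as it was. The schema `app`, the table `app.accounts` and both function names are hypothetical.

```sql
-- Constructed names for illustration: schema "app", table app.accounts.
CREATE SCHEMA app;
CREATE TABLE app.accounts (
    acct_owner name    PRIMARY KEY,
    balance    numeric NOT NULL
);

-- Before: "accounts" and "=" are unqualified, so they are resolved through
-- the search_path in effect when the function is called (the caller's),
-- while the body executes with the function owner's privileges.
CREATE FUNCTION app.my_balance_unqualified() RETURNS numeric
LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
    RETURN (SELECT balance FROM accounts WHERE acct_owner = session_user);
END
$$;

-- After: the table and the operator both name their schema, so resolution
-- no longer depends on search_path and the function never has to change it.
CREATE FUNCTION app.my_balance() RETURNS numeric
LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
    RETURN (SELECT a.balance
              FROM app.accounts AS a
             WHERE a.acct_owner OPERATOR(pg_catalog.=) session_user);
END
$$;

-- Review aid for the "omission-prone" part: list every SECURITY DEFINER
-- function with its source so unqualified references can be checked by hand.
SELECT n.nspname AS schema_name,
       p.proname AS function_name,
       p.prosrc  AS body
  FROM pg_catalog.pg_proc AS p
  JOIN pg_catalog.pg_namespace AS n ON n.oid = p.pronamespace
 WHERE p.prosecdef
 ORDER BY n.nspname, p.proname;
```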
