Quick Links

Why security-definer functions are executable by public by default?

From:	hubert depesz lubaczewski <depesz(at)depesz(dot)com>
To:	pgsql-general(at)postgresql(dot)org
Subject:	Why security-definer functions are executable by public by default?
Date:	2011-04-05 06:41:21
Message-ID:	20110405064119.GA9973@depesz.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

was pointed to the fact that security definer functions have the same
default privileges as normal functions in the same language - i.e. if
the language is trusted - public has the right to execute them.

maybe i'm missing something important, but given the fact that security
definer functions are used to get access to things that you usually
don't have access to - shouldn't the privilege be revoked by default,
and grants left for dba to decide?

depesz

--
The best thing about modern society is how easy it is to avoid contact with it.
http://depesz.com/

Responses

Re: Why security-definer functions are executable by public by default? at 2011-04-05 07:45:56 from Sim Zacks
Re: Why security-definer functions are executable by public by default? at 2011-04-05 14:45:01 from Tom Lane
Re: Why security-definer functions are executable by public by default? at 2011-04-06 07:06:50 from pasman pasmański
Re: Why security-definer functions are executable by public by default? at 2011-04-07 02:47:50 from Noah Misch

Browse pgsql-general by date

	From	Date	Subject
Next Message	Sim Zacks	2011-04-05 07:45:56	Re: Why security-definer functions are executable by public by default?
Previous Message	Craig Ringer	2011-04-05 03:59:29	Re: postgres segfaulting on pg_restore