| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "C G" <csgcsg39(at)hotmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Subject: | Re: User permission |
| Date: | 2004-04-16 00:08:42 |
| Message-ID: | 22542.1082074122@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"C G" <csgcsg39(at)hotmail(dot)com> writes:
> I have a user_info table that has trigger which creates a user and
> switches session authorization to the new user, but it doesn't seem to
> work as I expect.
> mydb1=> select * from user_info ;
> usename | password
> ---------+----------
> user1 | ***
> (1 row)
> Shouldn't be able to do that!
I think what is happening is that when control exits from the SECURITY
DEFINER function, the value of current_user is reset to what it was when
the function was entered. So even though session_user says user1,
you are still effectively admin here.
I'm not sure there is any clean solution that would make this do what
you expect, partly because it's not real clear what you expect (consider
nested SECURITY DEFINER functions, error recovery, etc). I'd be
inclined to put a band-aid on it by forbidding SET SESSION AUTHORIZATION
inside functions.
Can anyone propose a defensible and implementable behavior that would
allow CG to do what he wants?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim Seymour | 2004-04-16 00:38:43 | Re: Basix for Data General / Basix for Sco Unix |
| Previous Message | Tom Lane | 2004-04-15 23:58:57 | Re: Optimal configuration to eliminate "out of file descriptors" error |