Re: Security leak with trigger functions?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org, "Albe Laurenz" <all(at)adv(dot)magwien(dot)gv(dot)at>
Subject: Re: Security leak with trigger functions?
Date: 2006-12-14 17:53:55
Message-ID: 22557.1166118835@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Tom Lane wrote:
>> The question in my mind is what privilege to check and when.

> By extrapolation of the SQL standard, I'd say we'd need to check the
> EXECUTE privilege of the function at run time.

Certainly EXECUTE privilege is what to check, but whose privilege?

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Eisentraut 2006-12-14 17:56:47 Multiple uses of same internal function
Previous Message Peter Eisentraut 2006-12-14 17:47:34 Re: Security leak with trigger functions?