| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | depesz(at)depesz(dot)com |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Why security-definer functions are executable by public by default? |
| Date: | 2011-04-05 14:45:01 |
| Message-ID: | 2817.1302014701@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
hubert depesz lubaczewski <depesz(at)depesz(dot)com> writes:
> was pointed to the fact that security definer functions have the same
> default privileges as normal functions in the same language - i.e. if
> the language is trusted - public has the right to execute them.
> maybe i'm missing something important, but given the fact that security
> definer functions are used to get access to things that you usually
> don't have access to - shouldn't the privilege be revoked by default,
> and grants left for dba to decide?
I don't see that that follows, at all. The entire point of a security
definer function is to provide access to some restricted resource to
users who couldn't get at it with their own privileges. Having it start
with no privileges would be quite useless.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Zeev Ben-Sender | 2011-04-05 15:22:16 | Is index rebuilt upon updating table with the same values as already existing in the table? |
| Previous Message | rihad | 2011-04-05 14:35:41 | Re: Named advisory locks |