From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
---|---|
To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | search path security issue? |
Date: | 2017-10-05 21:37:21 |
Message-ID: | 9badbdb1-2519-5416-7d2a-55ff50a5963e@commandprompt.com |
Lists: | pgsql-hackers |

-hackers,

Please see the below:

"""
postgres=# create user foo;
CREATE ROLE
postgres=# create schema foo;
CREATE SCHEMA
postgres=# alter role foo set search_path to 'foo';
ALTER ROLE
postgres=# \q
jd@jd-wks:~$ psql -U foo postgres
psql (9.6.5)
Type "help" for help.
postgres=> show search_path;
search_path
-------------
foo
(1 row)
postgres=> alter role foo set search_path to default;
ALTER ROLE
postgres=> show search_path;
search_path
-------------
foo
(1 row)
postgres=> \q
jd@jd-wks:~$ psql -U foo postgres
psql (9.6.5)
Type "help" for help.
postgres=> show search_path;
search_path
-----------------
"$user", public
(1 row)

I get being able to change my search_path on the fly but it seems odd
that as user foo I can change my default search path?

JD

--
Command Prompt, Inc. || http://the.postgres.company/ || @cmdpromptinc
PostgreSQL Centered full stack support, consulting and development.
Advocate: @amplifypostgres || Learn: https://pgconf.us
***** Unless otherwise stated, opinions are my own. *****
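
The session above shows a per-role `search_path` default being set with `ALTER ROLE ... SET` and then reset by the role itself. The query below is an added example, not part of the original message: it lists every stored `search_path` default so that role-level overrides can be reviewed. It assumes only the standard catalogs `pg_db_role_setting`, `pg_roles` and `pg_database`.

```sql
-- Added example: audit the per-role / per-database search_path defaults
-- that ALTER ROLE ... SET and ALTER DATABASE ... SET store in the catalog.
-- setconfig is a text[] of 'name=value' entries; setrole = 0 or
-- setdatabase = 0 means "applies to all roles" / "applies to all databases".
SELECT
    COALESCE(r.rolname, '(all roles)')      AS role_name,
    COALESCE(d.datname, '(all databases)')  AS database_name,
    r.rolsuper                              AS is_superuser,
    -- take everything after the first '=' so values containing '=' survive
    substr(cfg, strpos(cfg, '=') + 1)       AS search_path_default
FROM pg_db_role_setting AS s
CROSS JOIN LATERAL unnest(s.setconfig) AS cfg
LEFT JOIN pg_roles    AS r ON r.oid = s.setrole
LEFT JOIN pg_database AS d ON d.oid = s.setdatabase
WHERE split_part(cfg, '=', 1) = 'search_path'
ORDER BY role_name, database_name;
```

In psql, `\drds` shows the same catalog for all settings, not only `search_path`.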