Quick Links

Re: Why security-definer functions are executable by public by default?

From:	pasman pasmański <pasman(dot)p(at)gmail(dot)com>
To:	depesz(at)depesz(dot)com
Cc:	pgsql-general(at)postgresql(dot)org
Subject:	Re: Why security-definer functions are executable by public by default?
Date:	2011-04-06 07:06:50
Message-ID:	BANLkTi=1x+RcRKBvsJZSpwmM5TyPaNQbTg@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

> was pointed to the fact that security definer functions have the same
> default privileges as normal functions in the same language - i.e. if
> the language is trusted - public has the right to execute them.
>
> maybe i'm missing something important, but given the fact that security
> definer functions are used to get access to things that you usually
> don't have access to - shouldn't the privilege be revoked by default,
> and grants left for dba to decide?
>

you can create function in schema accesible to dba only.

------------
pasman

In response to

Why security-definer functions are executable by public by default? at 2011-04-05 06:41:21 from hubert depesz lubaczewski

Responses

Re: Why security-definer functions are executable by public by default? at 2011-04-06 14:41:43 from hubert depesz lubaczewski

Browse pgsql-general by date

	From	Date	Subject
Next Message	dba	2011-04-06 08:09:48	Is there any provision to take incremental backup
Previous Message	pasman pasmański	2011-04-06 06:23:45	Re: Database "gnu make" equivalent