From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Li EF Zhang <bjzhangl(at)cn(dot)ibm(dot)com>, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Can not ALTER TEXT SEARCH DICTIONARY intdict which is default in dict_int |
Date: | 2021-08-25 05:29:36 |
Message-ID: | CAKFQuwYG8F0SPcOLBLaZmUSzJqdpLabsmpq1H-ymGQ-WSSJTcQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Tue, Aug 24, 2021 at 9:20 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> > On Tue, Aug 24, 2021 at 8:51 PM Li EF Zhang <bjzhangl(at)cn(dot)ibm(dot)com> wrote:
> >> Thanks for your answer. My doubt is that since an ordinary user creates
> >> the extension, shouldn't be this user the owner of the objects created
> >> within the extension?
>
> > While that is a possible implementation choice, that isn't what was
> chosen.
>
> Let's be clear here: that is not some random implementor's decision.
> That is *necessary*, else the feature is completely insecure.
>
>
Fair. Additionally, an extension that wishes for ordinary users to perform
limited configuration can always supply a security definer function to
facilitate such a change. Though I'm unsure how/if it would go about
arranging role permissions without requiring a superuser.
David J.
From | Date | Subject | |
---|---|---|---|
Next Message | Li EF Zhang | 2021-08-25 06:00:32 | RE: Can not ALTER TEXT SEARCH DICTIONARY intdict which is default in dict_int |
Previous Message | Tom Lane | 2021-08-25 04:19:55 | Re: Can not ALTER TEXT SEARCH DICTIONARY intdict which is default in dict_int |