Home > mailing lists

Re: [PATCHES] Users/Groups -> Roles - Mailing list pgsql-hackers

From	Michael Paesold
Subject	Re: [PATCHES] Users/Groups -> Roles
Date	June 28, 2005 20:08:12
Msg-id	00a301c57c1d$1a9252a0$0f01a8c0@zaphod Whole thread Raw
In response to	Re: [PATCHES] Users/Groups -> Roles (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

Stephen Frost wrote:
> I can perhaps see a special case for SECURITY DEFINER functions but if
> we're going to special case them I'd think we'd need to make them only
> be creatable/modifiable at all by superusers or add another flag to the
> role to allow that.

I agree that owner changes of SECURITY DEFINER functions seem dangerous. I 
would follow Stephen's idea that SECURITY DEFINER functions should only be 
creatable/modifiable by superusers.

This would be similar to unix, where setting the suid/sgid bits is usually 
only allowed to root.

Best Regards,
Michael Paesold

pgsql-hackers by date:

From: Stephen Frost
Date: 28 June 2005, 20:05:12
Subject: Re: [PATCHES] Users/Groups -> Roles

From: "Magnus Hagander"
Date: 28 June 2005, 20:24:31
Subject: Re: Proposed TODO: --encoding option for pg_dump

Re: [PATCHES] Users/Groups -> Roles - Mailing list pgsql-hackers

Previous

Next