Re: Irreversible SET ROLE - Mailing list pgsql-general

From Tom Lane
Subject Re: Irreversible SET ROLE
Date
Msg-id 12275.1417484362@sss.pgh.pa.us
Whole thread Raw
In response to Re: Irreversible SET ROLE  (Bryn Jeffries <bryn.jeffries@sydney.edu.au>)
List pgsql-general
Bryn Jeffries <bryn.jeffries@sydney.edu.au> writes:
> Tom Lane wrote
>> I think you might be able to do something with invoking untrusted code
>> inside a SECURITY DEFINER function.  That context disables both SET ROLE
>> and SET SESSION AUTHORIZATION.  I would not want to bet a lot on that
>> being bulletproof, however.

> Me neither. But out of interest, do you know what the intent was for the SESSION and LOCAL modifiers for SET ROLE?
> Both seem to do nothing more than regular SET ROLE, but are PostgreSQL extensions.

Those are just there because they're there for any SET <variable> command.
LOCAL means "set just for the duration of this transaction".  SESSION is
only a noise word IIRC, ie, it lets you explicitly specify the default
behavior.

            regards, tom lane


pgsql-general by date:

Previous
From: Bryn Jeffries
Date:
Subject: Re: Irreversible SET ROLE
Next
From: Ilya Ashchepkov
Date:
Subject: Re: PG94RC1- plv8 functions - problem with input parameter length