Re: Using views for row-level access control is leaky - Mailing list pgsql-hackers

From Simon Riggs
Subject Re: Using views for row-level access control is leaky
Date
Msg-id 1256294931.8450.1346.camel@ebony
Whole thread Raw
In response to Re: Using views for row-level access control is leaky  (KaiGai Kohei <kaigai@kaigai.gr.jp>)
Responses Re: Using views for row-level access control is leaky
Re: Using views for row-level access control is leaky
List pgsql-hackers
On Fri, 2009-10-23 at 19:38 +0900, KaiGai Kohei wrote:
> > Also, we should presume that any function created with SECURITY DEFINER
> > and created by a superuser would have plan security, so we don't need to
> > annotate lots of old code to work securely. Annotating the built-in
> > functions is a lot easier.
> 
> Sorry, what is happen if function is marked as "plan security"?

I was suggesting an intelligent default by which we could determine
function marking implicitly, if it was not explicitly stated on the
CREATE FUNCTION.

-- Simon Riggs           www.2ndQuadrant.com



pgsql-hackers by date:

Previous
From: KaiGai Kohei
Date:
Subject: Re: Using views for row-level access control is leaky
Next
From: KaiGai Kohei
Date:
Subject: Re: Using views for row-level access control is leaky