Home > mailing lists

Re: Using views for row-level access control is leaky - Mailing list pgsql-hackers

From	Simon Riggs
Subject	Re: Using views for row-level access control is leaky
Date	October 23, 2009 10:49:29
Msg-id	1256294931.8450.1346.camel@ebony Whole thread Raw
In response to	Re: Using views for row-level access control is leaky (KaiGai Kohei <kaigai@kaigai.gr.jp>)
Responses	Re: Using views for row-level access control is leaky Re: Using views for row-level access control is leaky
List	pgsql-hackers

Tree view

On Fri, 2009-10-23 at 19:38 +0900, KaiGai Kohei wrote:
> > Also, we should presume that any function created with SECURITY DEFINER
> > and created by a superuser would have plan security, so we don't need to
> > annotate lots of old code to work securely. Annotating the built-in
> > functions is a lot easier.
> 
> Sorry, what is happen if function is marked as "plan security"?

I was suggesting an intelligent default by which we could determine
function marking implicitly, if it was not explicitly stated on the
CREATE FUNCTION.

-- Simon Riggs           www.2ndQuadrant.com

pgsql-hackers by date:

From: KaiGai Kohei
Date: 23 October 2009, 10:38:34
Subject: Re: Using views for row-level access control is leaky

From: KaiGai Kohei
Date: 23 October 2009, 11:04:39
Subject: Re: Using views for row-level access control is leaky

Re: Using views for row-level access control is leaky - Mailing list pgsql-hackers

Previous

Next