Home > mailing lists

Re: Fixing insecure security definer functions - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Fixing insecure security definer functions
Date	February 14, 2007 00:10:36
Msg-id	1264.1171415429@sss.pgh.pa.us Whole thread Raw
In response to	Re: Fixing insecure security definer functions (Stephen Frost <sfrost@snowman.net>)
Responses	Re: Fixing insecure security definer functions (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

Stephen Frost <sfrost@snowman.net> writes:
> It'll break most of the functions that we have in our production
> systems...  They're not security definer functions but it's routine for
> us to switch between different schemas to run a function on.

> What about pushing all the in-function references down to the
> specific objects referenced at plan creation time (err, I thought this
> was done?)?

Wouldn't that break exactly the cases you're worried about?  It would be
an enormous amount of work, too.
        regards, tom lane

pgsql-hackers by date:

From: Tom Lane
Date: 14 February 2007, 00:07:10
Subject: Re: Writing triggers in C++

From: Stephen Frost
Date: 14 February 2007, 00:24:45
Subject: Re: Fixing insecure security definer functions

Re: Fixing insecure security definer functions - Mailing list pgsql-hackers

Previous

Next