2009/10/19 Stephen Frost <sfrost@snowman.net>:
> * Pavel Stehule (pavel.stehule@gmail.com) wrote:
>> 2009/10/19 Stephen Frost <sfrost@snowman.net>:
>> > * Pavel Stehule (pavel.stehule@gmail.com) wrote:
>> >> Superuser permission could not be a problem. Simple security definer
>> >> function can do it.
>> >
>> > Then you've defeated the point of making it superuser-only.
>>
>> no. Because when I write security definer function, then I explicitly
>> allow an writing for some roles. When I don't write this function,
>> then GUC is secure.
>
> And what happens when those 'some roles' are used by broken
> applications? You don't get to say "make it superuser only" and then
> turn around and tell people to hack around the fact that it's superuser
> only to be able to use it. That's not a solution.
You don't understand me. When I would to have a secure environment,
then I don't write this function. So there will not be a posibility to
change application name from session.
Pavel
>
> Stephen
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkrchUYACgkQrzgMPqB3kij8nACfUrF/wkpsORpXiN0QgbXvONdi
> ghYAn19MpPNnRrf9BxmIOVBRR212JU6c
> =c5tL
> -----END PGP SIGNATURE-----
>
>
