Re: to_char incompatibility - Mailing list pgsql-hackers

From Roberts, Jon
Subject Re: to_char incompatibility
Date
Msg-id 1A6E6D554222284AB25ABE3229A927627153FB@nrtexcus702.int.asurion.com
Whole thread Raw
In response to to_char incompatibility  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: to_char incompatibility
Re: to_char incompatibility
List pgsql-hackers
> 
> Jon,
> 
> > I always put security definer as I really think that should be the
> > default behavior.  Anyway, your function should run faster.
> 
> That's not a real good idea.  A security definer function is like an SUID
> shell script; only to be used with great care.
> 

You'll have to explain to Oracle and their customers that Oracle's security
model is not a great idea then.  

<soapbox>
Executing a function should never require privileges on the underlying
objects referenced in it.  The function should always run with the rights of
the owner of the function, not the user executing it.
</soapbox>


Jon


pgsql-hackers by date:

Previous
From: Gavin Sherry
Date:
Subject: Re: Dynamic Partitioning using Segment Visibility Maps
Next
From: Kris Jurka
Date:
Subject: Re: Pl/Java broken since Postgresql 8.3-rc1