Home > mailing lists

Re: [ANNOUNCE] Advisory on possibly insecure security definer functions - Mailing list pgsql-general

From	Karsten Hilbert
Subject	Re: [ANNOUNCE] Advisory on possibly insecure security definer functions
Date	February 18, 2007 09:38:24
Msg-id	20070218103815.GF5088@merkur.hilbert.loc Whole thread Raw
In response to	Re: [ANNOUNCE] Advisory on possibly insecure security definer functions (Michael Fuhr <mike@fuhr.org>)
List	pgsql-general

Tree view

On Sat, Feb 17, 2007 at 11:31:19AM -0700, Michael Fuhr wrote:

> If you schema-qualify objects instead of setting search_path then
> don't forget about operators.
I knew I had missed something.

> SELECT col
>   FROM schemaname.tablename
>  WHERE othercol operator(pg_catalog.=) schemaname.funcname(someval)

Good to know what.

Thanks,
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346

pgsql-general by date:

From: Magnus Hagander
Date: 18 February 2007, 09:04:14
Subject: Re: Automated backups for PG running on Windows Server?

From: Karsten Hilbert
Date: 18 February 2007, 10:29:24
Subject: Why *exactly* is date_trunc() not immutable ?

Re: [ANNOUNCE] Advisory on possibly insecure security definer functions - Mailing list pgsql-general

Previous

Next