Re: question about stored procedure / function - Mailing list pgsql-general

From Bill Moran
Subject Re: question about stored procedure / function
Date
Msg-id 20070311155741.d5401386.wmoran@potentialtech.com
Whole thread Raw
In response to question about stored procedure / function  ("Alain Roger" <raf.news@gmail.com>)
List pgsql-general
"Alain Roger" <raf.news@gmail.com> wrote:
>
> Hi,
>
> i created the following function :
> -- Function: immense.sp_a_001(username "varchar", pwd "varchar")
> -- DROP FUNCTION immense.sp_a_001(username "varchar", pwd "varchar");
>
> CREATE OR REPLACE FUNCTION immense.sp_a_001(username "varchar", pwd
> "varchar")
>   RETURNS int4 AS
> $BODY$
>
> DECLARE
>  myrec immense.accounts%ROWTYPE;
>  count INTEGER := 0;
> /**************************************/
>
> BEGIN
>
>  FOR myrec IN
>   SELECT * FROM immense.accounts WHERE account_login=$1 and account_pwd=$2
> LOOP
>    count := count + 1;
>  END LOOP;
>  RETURN count;
>
> END;
>
> $BODY$
>   LANGUAGE 'plpgsql' VOLATILE;
> ALTER FUNCTION immense.sp_a_001(username "varchar", pwd "varchar") OWNER TO
> immensesk;
> GRANT EXECUTE ON FUNCTION immense.sp_a_001(username "varchar", pwd
> "varchar") TO immensesk;
>
> However, postgreSQL add automatically the following line to each procedure
> and i do not know why ?
> GRANT EXECUTE ON FUNCTION immense.sp_a_001(username "varchar", pwd
> "varchar") TO public;
>
> normally, in such case (i mean without granted execution right to public on
> this procedure), only immensesk user should be able to run it... so why such
> thing ?
> it is not secured...

Default rights for newly created functions allow execution by public.

To remove this, use REVOKE.

--
Bill Moran
http://www.potentialtech.com

pgsql-general by date:

Previous
From: "Anton Melser"
Date:
Subject: Re: question about stored procedure / function
Next
From: Rajarshi Guha
Date:
Subject: passing an array type to a plpython procedure