Home > mailing lists

Re: Fixing insecure security definer functions - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Fixing insecure security definer functions
Date	March 29, 2007 18:19:49
Msg-id	26354.1175192378@sss.pgh.pa.us Whole thread Raw
In response to	Re: Fixing insecure security definer functions (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

Stephen Frost <sfrost@snowman.net> writes:
> * Merlin Moncure (mmoncure@gmail.com) wrote:
>> maybe security definer functions should raise a warning for implicit
>> PATH NONE, and possibly even deprecate that behavior and force people
>> to type it out in future (8.4+) releases.

> While I agree that raising a warning makes sense I don't believe it
> should be forced.

A WARNING seems reasonable to me too.  I'd just do it on the combination
of SECURITY DEFINER with PATH NONE, regardless of how you typed it
exactly.  ALTERing a function into that configuration should draw the
same warning.
        regards, tom lane

pgsql-hackers by date:

From: "Merlin Moncure"
Date: 29 March 2007, 18:18:27
Subject: Re: Fixing insecure security definer functions

From: "Sailesh Krishnamurthy"
Date: 29 March 2007, 18:39:56
Subject: Re: Concurrent connections in psql

Re: Fixing insecure security definer functions - Mailing list pgsql-hackers

Previous

Next