Home > mailing lists

Re: DROP TABLE can be issued by schema owner as well as table owner - Mailing list pgsql-docs

From	Guillaume Lelarge
Subject	Re: DROP TABLE can be issued by schema owner as well as table owner
Date	May 20, 2011 17:24:35
Msg-id	4DD6A3CA.3060302@lelarge.info Whole thread Raw
In response to	Re: DROP TABLE can be issued by schema owner as well as table owner (Alvaro Herrera <alvherre@commandprompt.com>)
List	pgsql-docs

Tree view

Le 05/20/2011 06:53 PM, Alvaro Herrera a écrit :
> Excerpts from Derrick Rice's message of vie may 20 12:35:24 -0400 2011:
>> On Fri, May 20, 2011 at 12:18 PM, Guillaume Lelarge
>> <guillaume@lelarge.info>wrote:
>>
>>> Well, for a specific object, any superuser, the database owner, the
>>> schema owner, and the object owner could drop the object. This is not a
>>> vulnerability.
>>>
>>
>> It is not documented clearly.  Any information not made clear is an
>> opportunity for an error which leads to a vulnerability.
>
> So we need a standard caveat stmt on all relevant pages?  Seems
> reasonable to me.
>

Could be. Not sure it's that important.


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

pgsql-docs by date:

From: Alvaro Herrera
Date: 20 May 2011, 16:54:02
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner

From: Alvaro Herrera
Date: 20 May 2011, 17:32:12
Subject: Re: non-ASCII characters in SGML documentation (and elsewhere)

Re: DROP TABLE can be issued by schema owner as well as table owner - Mailing list pgsql-docs

Previous

Next