Josh Berkus <josh@agliodbs.com> writes:
> Security Definer has ramifications in PostgreSQL which I don't think it
> does in Oracle. Particularly, see:
> http://www.postgresql.org/docs/techdocs.77
BTW, that article needs to be updated to show the (much easier) way to
do it as of 8.3.
I concur that "make all your functions security definer by default" is
unlikely to make a system more secure overall --- it'll just move the
problems around. Especially if it's applied blindly by someone who
stopped reading at that point.
regards, tom lane
