Home > mailing lists

Re: Why security-definer functions are executable by public by default? - Mailing list pgsql-general

From	pasman pasmański
Subject	Re: Why security-definer functions are executable by public by default?
Date	April 6, 2011 07:07:01
Msg-id	BANLkTi=1x+RcRKBvsJZSpwmM5TyPaNQbTg@mail.gmail.com Whole thread Raw
In response to	Why security-definer functions are executable by public by default? (hubert depesz lubaczewski <depesz@depesz.com>)
Responses	Re: Why security-definer functions are executable by public by default?
List	pgsql-general

Tree view

> was pointed to the fact that security definer functions have the same
> default privileges as normal functions in the same language - i.e. if
> the language is trusted - public has the right to execute them.
>
> maybe i'm missing something important, but given the fact that security
> definer functions are used to get access to things that you usually
> don't have access to - shouldn't the privilege be revoked by default,
> and grants left for dba to decide?
>

you can create function in  schema accesible to dba only.

------------
pasman

pgsql-general by date:

From: pasman pasmański
Date: 06 April 2011, 06:23:55
Subject: Re: Database "gnu make" equivalent

From: dba
Date: 06 April 2011, 08:10:00
Subject: Is there any provision to take incremental backup

Re: Why security-definer functions are executable by public by default? - Mailing list pgsql-general

Previous

Next