Home > mailing lists

Re: Changing from security definer to security invoker withoutdropping ? - Mailing list pgsql-general

From	Pavel Stehule
Subject	Re: Changing from security definer to security invoker withoutdropping ?
Date	June 11, 2020 10:39:18
Msg-id	CAFj8pRCgH6HnqchEuS0LCtYQk+ZqtrB8nAXT8OvUXzf_8BmbKw@mail.gmail.com Whole thread Raw
In response to	Changing from security definer to security invoker without dropping ? (Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch>)
Responses	Re: Changing from security definer to security invoker without dropping ?
List	pgsql-general

Tree view

čt 11. 6. 2020 v 9:29 odesílatel Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch> napsal:

Hi,

Just curious if there is a way to switch a function from definer to invoker without dropping ?

create function foo(a int) returns int as $$ begin return $1; end $$ language plpgsql;

postgres=# alter function foo (int) security definer;
ALTER FUNCTION
postgres=# alter function foo (int) security invoker;
ALTER FUNCTION

regards

Pavel

We're working on improving the security posture by changing functions from definer to invoker, but I'm wondering what the best way to roll this out to production is given that dropping and re-creating functions could potentially cause upstream client hassles ?

Laura

pgsql-general by date:

From: Laura Smith
Date: 11 June 2020, 10:29:17
Subject: Changing from security definer to security invoker without dropping ?

From: Laura Smith
Date: 11 June 2020, 10:51:23
Subject: Re: Changing from security definer to security invoker without dropping ?

Re: Changing from security definer to security invoker withoutdropping ? - Mailing list pgsql-general

Previous

Next