Home > mailing lists

Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE - Mailing list pgsql-hackers

From	Steve Chavez
Subject	Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE
Date	January 27 19:36:51
Msg-id	CAGRrpzZUXvj=KVspvX301Uo1NpVWQ4aCjHJ9+0zE22TJd5Z1vA@mail.gmail.com Whole thread Raw
Responses	Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE
List	pgsql-hackers

Tree view

Hello hackers,

Currently views are not secure by default since they bypass RLS. PostgreSQL 15 introduced the `WITH (security_invoker = true)` option for this but it's easy to miss on every new view created.

It's also inconsistent with functions, which default to SECURITY INVOKER.

I propose adding an option: `CREATE DATABASE .. SECURITY_INVOKER_VIEWS <bool>` (false by default to maintain backwards compat), so a database will have newly created views as SECURITY INVOKER.

Let me know what you think.

Best regards,

Steve Chavez

pgsql-hackers by date:

From: Srirama Kucherlapati
Date: 27 January, 19:21:12
Subject: RE: AIX support

From: Andres Freund
Date: 27 January, 19:37:56
Subject: Re: pgsql: Prevent invalidation of newly synced replication slots.

Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE - Mailing list pgsql-hackers

Previous

Next