On 7/9/08, ITAGAKI Takahiro <itagaki.takahiro@oss.ntt.co.jp> wrote:
> Dean Rasheed <dean_rasheed@hotmail.com> wrote:
> > * client_sql_trace = on | off - settable by a normal user to allow a
> > client session to see the sql_trace output. If this parameter is on,
> > the sql_trace will be logged as NOTICE output.
>
>
> In terms of security, is it ok to show normal users SQLs used in functions
> that are owned by other users? Users can call not-owned functions only if
> they have EXECUTE privilege on them. -- presently we can see function
> bodies from pg_proc.prosrc freely, though.
Different owner is not a problem, but SECURITY DEFINER may be.
That can be solved by turning the setting off on entry to such function,
by non-superuser. Like we handle search_path.
--
marko
