| From: | "Michael Paesold" <mpaesold(at)gmx(dot)at> |
|---|---|
| To: | "Stephen Frost" <sfrost(at)snowman(dot)net>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCHES] Users/Groups -> Roles |
| Date: | 2005-06-28 20:08:07 |
| Message-ID: | 00a301c57c1d$1a9252a0$0f01a8c0@zaphod |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Stephen Frost wrote:
> I can perhaps see a special case for SECURITY DEFINER functions but if
> we're going to special case them I'd think we'd need to make them only
> be creatable/modifiable at all by superusers or add another flag to the
> role to allow that.
I agree that owner changes of SECURITY DEFINER functions seem dangerous. I
would follow Stephen's idea that SECURITY DEFINER functions should only be
creatable/modifiable by superusers.
This would be similar to unix, where setting the suid/sgid bits is usually
only allowed to root.
Best Regards,
Michael Paesold
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2005-06-28 20:24:19 | Re: [HACKERS] Proposed TODO: --encoding option for pg_dump |
| Previous Message | Stephen Frost | 2005-06-28 20:05:16 | Re: [PATCHES] Users/Groups -> Roles |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2005-06-28 20:24:19 | Re: [HACKERS] Proposed TODO: --encoding option for pg_dump |
| Previous Message | Stephen Frost | 2005-06-28 20:05:16 | Re: [PATCHES] Users/Groups -> Roles |