Skip site navigation (1) Skip section navigation (2)

Re: [v9.3] Row-Level Security

From: Florian Pflug <fgp(at)phlo(dot)org>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, Robert Haas <robertmhaas(at)gmail(dot)com>, PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [v9.3] Row-Level Security
Date: 2012-06-28 15:34:13
Message-ID: 113BF38F-43EC-46D7-93AF-423BEC77B025@phlo.org (view raw or flat)
Thread:
Lists: pgsql-hackers
On Jun28, 2012, at 17:29 , Tom Lane wrote:
> Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> writes:
>> 2012/6/27 Florian Pflug <fgp(at)phlo(dot)org>:
>>> Hm, what happens if a SECURITY DEFINER functions returns a refcursor?
> 
>> My impression is, here is no matter even if SECURITY DEFINER function
>> returns refcursor.
> 
> I think Florian has a point: it *should* work, but *will* it?
> 
> I believe it works today, because the executor only applies permissions
> checks during query startup.  So those checks are executed while still
> within the SECURITY DEFINER context, and should behave as expected.
> Subsequently, the cursor portal is returned to caller and caller can
> execute it to completion, no problem.

Don't we (sometimes?) defer query startup to the first time FETCH is
called?

best regards,
Florian Pflug


In response to

Responses

pgsql-hackers by date

Next:From: Jeff JanesDate: 2012-06-28 15:37:55
Subject: Re: Covering Indexes
Previous:From: Robert HaasDate: 2012-06-28 15:29:10
Subject: Re: experimental: replace s_lock spinlock code with pthread_mutex on linux

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group