| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | Derrick Rice <derrick(dot)rice(at)gmail(dot)com> |
| Cc: | Guillaume Lelarge <guillaume(at)lelarge(dot)info>, pgsql-docs <pgsql-docs(at)postgresql(dot)org> |
| Subject: | Re: DROP TABLE can be issued by schema owner as well as table owner |
| Date: | 2011-05-20 16:53:49 |
| Message-ID: | 1305910393-sup-7762@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
Excerpts from Derrick Rice's message of vie may 20 12:35:24 -0400 2011:
> On Fri, May 20, 2011 at 12:18 PM, Guillaume Lelarge
> <guillaume(at)lelarge(dot)info>wrote:
>
> > Well, for a specific object, any superuser, the database owner, the
> > schema owner, and the object owner could drop the object. This is not a
> > vulnerability.
> >
>
> It is not documented clearly. Any information not made clear is an
> opportunity for an error which leads to a vulnerability.
So we need a standard caveat stmt on all relevant pages? Seems
reasonable to me.
--
Álvaro Herrera <alvherre(at)commandprompt(dot)com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Guillaume Lelarge | 2011-05-20 17:24:26 | Re: DROP TABLE can be issued by schema owner as well as table owner |
| Previous Message | Derrick Rice | 2011-05-20 16:35:24 | Re: DROP TABLE can be issued by schema owner as well as table owner |