Skip site navigation (1) Skip section navigation (2)

Re: Trigger execution role (was: Triggers with DO functionality)

From: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Christopher Browne <cbbrowne(at)gmail(dot)com>, Kevin Grittner <kevin(dot)grittner(at)wicourts(dot)gov>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Trigger execution role (was: Triggers with DO functionality)
Date: 2012-02-28 02:18:22
Message-ID: 1330395223-sup-2953@alvh.no-ip.org (view raw or flat)
Thread:
Lists: pgsql-hackers 
Excerpts from Tom Lane's message of lun feb 27 20:49:36 -0300 2012:

> So (assuming Peter has read the spec correctly) I'm coming around to the
> idea that the anonymous trigger functions created by this syntax ought
> to be "SECURITY DEFINER table_owner".

I don't remember all the details, but I had a look at this in the
standard about a year ago and the behavior it mandated wasn't trivially
implemented using our existing mechanism.  I mentioned the issue of a
stack of user authorizations that is set up whenever a "routine"
(function) is entered, during last year's PGCon developer's meeting.  I
intended to have a look at implementing that, but I haven't done
anything yet.  What was clear to me was that once I explained the
problem, everyone seemed to agree that fixing it required more than some
trivial syntax rework.

-- 
Álvaro Herrera <alvherre(at)commandprompt(dot)com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

In response to

pgsql-hackers by date

Next:From: Kyotaro HORIGUCHIDate: 2012-02-28 02:59:02
Subject: Re: Speed dblink using alternate libpq tuple storage
Previous:From: Alvaro HerreraDate: 2012-02-28 02:12:08
Subject: Re: Command Triggers

Privacy Policy | About PostgreSQL
Copyright © 1996-2013 The PostgreSQL Global Development Group