Quick Links

Re: [GENERAL] What user to defaults execute as?

From:	Bruno Wolff III <bruno(at)wolff(dot)to>
To:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: [GENERAL] What user to defaults execute as?
Date:	2002-10-30 20:40:02
Message-ID:	20021030204002.GA7210@wolff.to
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general pgsql-hackers

On Wed, Oct 30, 2002 at 14:03:21 -0600,
>
> While I am not sure about triggers, it certainly is possible to get
> a similar effect be having the referenced function run with the security
> of the definer.

I read some more on triggers and found that according to the documentation,
they appear to run as the user doing the insert, update or delete and
are specifically noted to be dangerous. And while using the execute as
definer can allow a trigger writer to provide limited access to the invoker,
it doesn't protect the invoker from the trigger writer. It seems unlikely
that triggers should be doing things to objects that the trigger owner
doesn't have rights to. And this might be another place where using the
access of the owner would be better than using that of the invoker.

In response to

Re: What user to defaults execute as? at 2002-10-30 20:03:21 from Bruno Wolff III

Responses

setuid for defaults, constraints and triggers (Was: What user to [sic] defaults execute as?) at 2002-10-31 14:54:02 from Bruno Wolff III
Re: [GENERAL] What user to defaults execute as? at 2002-11-02 02:35:40 from Bruce Momjian

Browse pgsql-general by date

	From	Date	Subject
Next Message	Kevin Old	2002-10-30 20:42:04	Re: [SQL] Database Design tool
Previous Message	s-psql	2002-10-30 20:13:39	Re: permission prob: granted, but still denied

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Rod Taylor	2002-10-30 20:49:30	Re: 7.2.3 vacuum bug
Previous Message	Neil Conway	2002-10-30 20:38:31	Re: 7.2.3 vacuum bug