Re: Is a SERIAL column a "black box", or not?

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Martijn van Oosterhout <kleptog(at)svana(dot)org>, pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: Is a SERIAL column a "black box", or not?
Date: 2006-05-01 16:01:35
Message-ID: 20060501160135.GA384@wolff.to
Lists: pgsql-hackers

I went back to see if I could find the discussion about this in the past.
It was less than I thought. Mostly it was me posting with some feedback from
Rod Taylor. The thread started with the subject "What user to defaults execute
as?" on general, but I mutated the subject to "setuid for defaults, constraints
and triggers (Was: What user to [sic] defaults execute as?)".

The summary is that I was suggesting that default expressions, triggers and
constraints should all run as the table owner instead of the invoker as
there was little use for them to need the access of the invoker, while there
was benefit in having them run as the owner. In addition there is a mild
security issue in that default expressions and constraints could be used as
trojans so that inserting data into a table could allow that table owner the
ability to do things they shouldn't be doing to the invoker's table. Though
in practice anyone granted the ability to create functions (which you need
to exploit this) is already very highly trusted.
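
A defender-side check for the situation described above, as an added example that is not part of the original message: a catalog query listing the user-defined functions reached through column defaults, CHECK constraints and triggers. It assumes a current PostgreSQL release (`tgisinternal` dates from 9.0), where such functions run with the privileges of the role performing the write unless marked SECURITY DEFINER.

```sql
-- Added audit example (not from the original thread). Lists user-defined
-- functions that are called implicitly when rows are written to a table.
WITH implicit_calls AS (
    -- Column defaults: pg_depend links each default to the functions it uses.
    SELECT d.adrelid AS relid,
           'default'::text AS kind,
           pg_get_expr(d.adbin, d.adrelid) AS definition,
           dep.refobjid AS funcid
    FROM pg_attrdef d
    JOIN pg_depend dep ON dep.classid = 'pg_attrdef'::regclass
                      AND dep.objid = d.oid
                      AND dep.refclassid = 'pg_proc'::regclass
    UNION ALL
    -- Table CHECK constraints (conrelid = 0 would be a domain constraint).
    SELECT con.conrelid, 'check', pg_get_constraintdef(con.oid), dep.refobjid
    FROM pg_constraint con
    JOIN pg_depend dep ON dep.classid = 'pg_constraint'::regclass
                      AND dep.objid = con.oid
                      AND dep.refclassid = 'pg_proc'::regclass
    WHERE con.contype = 'c' AND con.conrelid <> 0
    UNION ALL
    -- User-created triggers (internal foreign-key triggers are skipped).
    SELECT t.tgrelid, 'trigger', pg_get_triggerdef(t.oid), t.tgfoid
    FROM pg_trigger t
    WHERE NOT t.tgisinternal
)
SELECT i.relid::regclass            AS table_name,
       pg_get_userbyid(c.relowner)  AS table_owner,
       i.kind,
       i.definition,
       i.funcid::regprocedure       AS function_called,
       pg_get_userbyid(p.proowner)  AS function_owner,
       p.prosecdef                  AS security_definer
FROM implicit_calls i
JOIN pg_class c     ON c.oid = i.relid
JOIN pg_proc p      ON p.oid = i.funcid
JOIN pg_namespace n ON n.oid = p.pronamespace
-- Built-in functions are not of interest here; keep user-defined ones only.
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY table_name, kind;
```

Rows where `security_definer` is false and the table or function owner is a less-trusted role are the ones to review before a privileged role writes to that table.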
