Skip site navigation (1) Skip section navigation (2)

Re: Fixing insecure security definer functions

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Merlin Moncure <mmoncure(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Fixing insecure security definer functions
Date: 2007-03-29 18:10:50
Message-ID: 20070329181050.GZ31937@tamriel.snowman.net (view raw or flat)
Thread:
Lists: pgsql-hackers
* Merlin Moncure (mmoncure(at)gmail(dot)com) wrote:
> fwiw, I think this is a great solution...because the default behavior
> is preserved you get through without any extra guc settings (although
> you may want to add one anyways).

I agree that the proposed solution looks good.

> maybe security definer functions should raise a warning for implicit
> PATH NONE, and possibly even deprecate that behavior and force people
> to type it out in future (8.4+) releases.

While I agree that raising a warning makes sense I don't believe it
should be forced.  There may be cases where, even in security definer
functions, the current search_path should be used (though, of course,
care must be taken in writing such functions).

	Thanks,

		Stephen

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2007-03-29 18:12:39
Subject: Re: tsearch_core patch for inclusion
Previous:From: Merlin MoncureDate: 2007-03-29 18:02:36
Subject: Re: Fixing insecure security definer functions

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group