Re: Why ACL_EXECUTE is checked on FindConversion()?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Why ACL_EXECUTE is checked on FindConversion()?
Date: 2009-08-19 18:27:53
Message-ID: 26499.1250706473@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> writes:
> When FindConversion() is called, it also checks current user's ACL_EXECUTE
> privilege on the conproc of the fetched conversion.

> Why this check is applied on FindConversion(), instead of FindDefaultConversion()?

Does seem pretty inconsistent, doesn't it?

The original idea may have been to provide a substitute for a USAGE
ACL check on conversions, in which case it's not totally insane: if
you make a conversion default then you're implicitly granting it to
public. But there's no documentation about this.

Offhand I see no really good reason to have a usage check on
conversions, and would be happy with removing this one. The function
permission check at CREATE CONVERSION time ought to be sufficient.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Chander Ganesan 2009-08-19 18:39:39 Re: We should Axe /contrib/start-scripts
Previous Message Tom Lane 2009-08-19 18:22:39 Re: Idea about estimating selectivity for single-column expressions