On Fri, May 29, 2009 at 7:53 PM, Greg Stark <stark(at)enterprisedb(dot)com> wrote:
> On Fri, May 29, 2009 at 11:18 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>> Good point. But maybe there's some way of getting some kind of
>> behavior that is closer to lexical scoping/early binding? Because the
>> way it works right now has lousy security implications, beyond being
>> difficult for search_path management. Assign a search path to a
>> schema, that applies to views and functions defined therein?
> Well we already set search_path locally in SECURITY DEFINER functions.
> Normal functions run with the credentials of the caller so that's not
> an issue.
Maybe not for security, but certainly it is for correctness.
> But if a SECURITY DEFINER function calls another function that other
> function will inherit the credentials of the caller so it must inherit
> the search path of the caller as well. So that has to be dynamically
> I'm beginning to understand why Oracle programmers are accustomed to
> setting SECURITY DEFINER everywhere. I think Oracle also knows to
> treat such code as lexically scoped and can bind references when
> loading such code.
Uh... if I'm understanding you correctly, then I'm really hoping we
engineer a better solution for PostgreSQL.
In response to
pgsql-hackers by date
|Next:||From: Bruce Momjian||Date: 2009-05-30 02:39:25|
|Subject: Re: libpq is not thread safe|
|Previous:||From: Greg Stark||Date: 2009-05-30 00:36:20|
|Subject: Re: search_path improvements WAS: search_path vs extensions|