| From: | "Alain Roger" <raf(dot)news(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | question about stored procedure / function |
| Date: | 2007-03-11 19:10:02 |
| Message-ID: | 75645bbb0703111210s73d23b0eu49b0c8081be6ca44@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
i created the following function :
-- Function: immense.sp_a_001(username "varchar", pwd "varchar")
-- DROP FUNCTION immense.sp_a_001(username "varchar", pwd "varchar");
CREATE OR REPLACE FUNCTION immense.sp_a_001(username "varchar", pwd
"varchar")
RETURNS int4 AS
$BODY$
DECLARE
myrec immense.accounts%ROWTYPE;
count INTEGER := 0;
/**************************************/
BEGIN
FOR myrec IN
SELECT * FROM immense.accounts WHERE account_login=$1 and account_pwd=$2
LOOP
count := count + 1;
END LOOP;
RETURN count;
END;
$BODY$
LANGUAGE 'plpgsql' VOLATILE;
ALTER FUNCTION immense.sp_a_001(username "varchar", pwd "varchar") OWNER TO
immensesk;
GRANT EXECUTE ON FUNCTION immense.sp_a_001(username "varchar", pwd
"varchar") TO immensesk;
However, postgreSQL add automatically the following line to each procedure
and i do not know why ?
GRANT EXECUTE ON FUNCTION immense.sp_a_001(username "varchar", pwd
"varchar") TO public;
normally, in such case (i mean without granted execution right to public on
this procedure), only immensesk user should be able to run it... so why such
thing ?
it is not secured...
or is there something i missed ?
--
Alain
------------------------------------
Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Anton Melser | 2007-03-11 19:42:49 | Re: question about stored procedure / function |
| Previous Message | Josh Berkus | 2007-03-11 18:45:19 | Attention Skandanavians: Josh in Oslo |