Quick Links

Re: Fixing insecure security definer functions

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	"Merlin Moncure" <mmoncure(at)gmail(dot)com>
Cc:	"Stephen Frost" <sfrost(at)snowman(dot)net>, "Peter Eisentraut" <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: Fixing insecure security definer functions
Date:	2007-02-16 03:56:17
Message-ID:	8581.1171598177@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

"Merlin Moncure" <mmoncure(at)gmail(dot)com> writes:
> yikes!

> If you guys go through with forcing functions to attach to objects
> when they are created, it will break almost every project I've ever
> worked on :(. The schema/function combo fits into all kinds of de
> facto partitioning strategies and organization methods.

If you read a bit further, I did suggest providing an option to retain
the current behavior. I don't think it should be the default though.

regards, tom lane

In response to

Re: Fixing insecure security definer functions at 2007-02-15 18:44:10 from Merlin Moncure

Responses

Re: Fixing insecure security definer functions at 2007-02-16 13:44:18 from Merlin Moncure

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Hideyuki Kawashima	2007-02-16 04:06:35	Re: Acclerating INSERT/UPDATE using UPS
Previous Message	Tom Lane	2007-02-16 03:42:00	Re: WIP patch - INSERT-able log statements