| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Rod Taylor <rbt(at)zort(dot)ca>, Hackers List <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Security Issue.. |
| Date: | 2002-04-15 04:15:47 |
| Message-ID: | Pine.LNX.4.30.0204150014090.717-100000@peter.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane writes:
> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> > For instance, if you create a view
> > CREATE VIEW bar AS SELECT * FROM foo;
> > then the statement
> > SELECT * FROM bar;
> > needs privileges to read "foo".
>
> This works just fine, thank you: the privileges are checked against the
> owner of the view.
OK, nevermind. The case I was referring to was that the CREATE VIEW
statement succeeds and the privileges are checked when the view is
queried. This is not in compliance with SQL, but it doesn't seem to
matter that much.
--
Peter Eisentraut peter_e(at)gmx(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-04-15 04:17:22 | Re: [PATCHES] ANSI Compliant Inserts |
| Previous Message | Bruce Momjian | 2002-04-15 04:13:46 | Re: [PATCHES] ANSI Compliant Inserts |