| From: | Florian Pflug <fgp(at)phlo(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, Robert Haas <robertmhaas(at)gmail(dot)com>, PgHacker <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [v9.3] Row-Level Security |
| Date: | 2012-06-28 15:34:13 |
| Message-ID: | 113BF38F-43EC-46D7-93AF-423BEC77B025@phlo.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Jun28, 2012, at 17:29 , Tom Lane wrote:
> Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> writes:
>> 2012/6/27 Florian Pflug <fgp(at)phlo(dot)org>:
>>> Hm, what happens if a SECURITY DEFINER functions returns a refcursor?
>
>> My impression is, here is no matter even if SECURITY DEFINER function
>> returns refcursor.
>
> I think Florian has a point: it *should* work, but *will* it?
>
> I believe it works today, because the executor only applies permissions
> checks during query startup. So those checks are executed while still
> within the SECURITY DEFINER context, and should behave as expected.
> Subsequently, the cursor portal is returned to caller and caller can
> execute it to completion, no problem.
Don't we (sometimes?) defer query startup to the first time FETCH is
called?
best regards,
Florian Pflug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Janes | 2012-06-28 15:37:55 | Re: Covering Indexes |
| Previous Message | Robert Haas | 2012-06-28 15:29:10 | Re: experimental: replace s_lock spinlock code with pthread_mutex on linux |