| From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
| Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: lowering privs in SECURITY DEFINER function |
| Date: | 2011-04-06 22:39:27 |
| Message-ID: | 1302129567.13475.3.camel@jdavis-ux.asterdata.local |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 2011-04-06 at 18:33 -0300, Alvaro Herrera wrote:
> (Consider, for example, that you may want to enable a user to run some
> operation to which he is authorized, but you want to carry out some
> privileged operation before/after doing so: for example, disable
> triggers, run an update, re-enable triggers.)
I'm not sure I understand the use case. If it's within one function, why
not just do it all as the privileged user in the security definer
function?
The only reason I can think of it if you wanted to make the unprivileged
operation arbitrary SQL. But in the example you give, with triggers
disabled, it's not safe to allow the user to execute arbitrary
operations.
In other words, if you wrap an unprivileged operation inside of
privileged operations, it seems like the unprivileged operation then
becomes privileged. Right?
Regards,
Jeff Davis
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2011-04-06 23:04:42 | superusers are members of all roles? |
| Previous Message | Kevin Grittner | 2011-04-06 22:32:15 | Re: getting to beta |