| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Adam Witney <awitney(at)sghms(dot)ac(dot)uk>, val(at)webtribe(dot)net, pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: DML Restriction unless through a function |
| Date: | 2004-06-30 16:09:48 |
| Message-ID: | 20040630160948.GA15644@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Jun 30, 2004 at 12:00:44 -0400,
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> That doesn't sound right to me at all. A SECURITY DEFINER function is
> self contained --- if we ever failed to execute it as the owning user,
> that would be a bug, and I'd be pleased to see an example.
>
> I do recall that if you have a function that is *not* SECURITY DEFINER,
> and you use it in a view, it will be invoked as the current user, not as
> the view creator which is what some people expect. It's fairly easy to
> get around this using SECURITY DEFINER, so it's unlikely that we'll
> change it ...
That is what I was probably thinking of.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | joseph speigle | 2004-06-30 16:10:15 | Re: substring syntax with regexp |
| Previous Message | Joe Maldonado | 2004-06-30 16:08:57 | Re: query failing with out of memory error message. |