Re: [ANNOUNCE] Advisory on possibly insecure security definer functions

From: Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: [ANNOUNCE] Advisory on possibly insecure security definer functions
Date: 2007-02-18 10:38:15
Message-ID: 20070218103815.GF5088@merkur.hilbert.loc
Lists: pgsql-general pgsql-hackers

On Sat, Feb 17, 2007 at 11:31:19AM -0700, Michael Fuhr wrote:

> If you schema-qualify objects instead of setting search_path then
> don't forget about operators.

I knew I had missed something.

> SELECT col
> FROM schemaname.tablename
> WHERE othercol operator(pg_catalog.=) schemaname.funcname(someval)

Good to know what.

Thanks,
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
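
The quoted advice, as an added example that is not part of the original message: a SECURITY DEFINER function written with unqualified names, the same function with every object and the operator schema-qualified, the search_path alternative, and a catalog query for review. The schema `app`, the table `accounts` and the function names are hypothetical; the per-function `SET` clause and `pg_proc.proconfig` assume PostgreSQL 8.3 or later.

```sql
-- Hypothetical objects, constructed for this example.
CREATE SCHEMA app;
CREATE TABLE app.accounts (id integer PRIMARY KEY, owner name NOT NULL, balance numeric NOT NULL);

-- Weak form: "accounts" and "=" are looked up through whatever search_path
-- the caller has set, while the body runs with the definer's privileges.
CREATE FUNCTION app.my_balance_unqualified() RETURNS numeric
LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
    RETURN (SELECT balance FROM accounts WHERE owner = session_user);
END
$$;

-- Hardened form 1: qualify the table AND the operator, as in the quoted query.
CREATE FUNCTION app.my_balance_qualified() RETURNS numeric
LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
    RETURN (SELECT a.balance
            FROM app.accounts a
            WHERE a.owner OPERATOR(pg_catalog.=) session_user);
END
$$;

-- Hardened form 2: pin search_path on the function itself, so unqualified
-- names and operators resolve only in trusted schemas (pg_temp searched last).
CREATE FUNCTION app.my_balance_pinned() RETURNS numeric
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = app, pg_temp AS $$
BEGIN
    RETURN (SELECT balance FROM accounts WHERE owner = session_user);
END
$$;

-- Review aid: SECURITY DEFINER functions with no pinned search_path.
-- A hit is a candidate for manual review, not proof of a problem:
-- app.my_balance_qualified is listed too, because it relies on qualification.
SELECT p.oid::pg_catalog.regprocedure AS security_definer_function
FROM pg_catalog.pg_proc p
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM pg_catalog.unnest(coalesce(p.proconfig, '{}'::text[])) AS c(setting)
        WHERE c.setting LIKE 'search_path=%')
ORDER BY 1;
```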
