Quick Links

Re: Security leak with trigger functions?

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc:	pgsql-hackers(at)postgresql(dot)org, "Albe Laurenz" <all(at)adv(dot)magwien(dot)gv(dot)at>
Subject:	Re: Security leak with trigger functions?
Date:	2006-12-14 17:53:55
Message-ID:	22557.1166118835@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Tom Lane wrote:
>> The question in my mind is what privilege to check and when.

> By extrapolation of the SQL standard, I'd say we'd need to check the
> EXECUTE privilege of the function at run time.

Certainly EXECUTE privilege is what to check, but whose privilege?

regards, tom lane

Re: Security leak with trigger functions? at 2006-12-14 17:47:34 from Peter Eisentraut

Re: Security leak with trigger functions? at 2006-12-14 18:17:20 from Peter Eisentraut

	From	Date	Subject
Next Message	Peter Eisentraut	2006-12-14 17:56:47	Multiple uses of same internal function
Previous Message	Peter Eisentraut	2006-12-14 17:47:34	Re: Security leak with trigger functions?