Simon Riggs wrote:
>>Clearly this is a must-fix issue, but I'm wondering exactly where the
>>check should be enforced. Is it sufficient to check at the time of
>>CREATE AGGREGATE that the creator has appropriate rights, or do we need
>>to do it every time the aggregate is used?
> Well spotted.
> Check should be once for each SQL statement in which the function is
> attempted to be used. Otherwise, an administrator might revoke EXECUTE
> privilege on a function that was used as part of an AGGREGATE, then
> discover that the user could still execute it in the way you suggest.
Or some sort of CASCADE should be required.
In response to
pgsql-hackers by date
|Next:||From: Christopher Kings-Lynne||Date: 2005-01-28 09:46:13|
|Subject: Re: Continue transactions after errors in psql|
|Previous:||From: Tom Lane||Date: 2005-01-28 07:38:45|
|Subject: Re: storage of compiled functions |