Re: Is this a bug, possible security hole, or wrong assumption?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Sander Steffann" <sander(at)steffann(dot)nl>
Cc: "Mike Mascari" <mascarm(at)mascari(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: Is this a bug, possible security hole, or wrong assumption?
Date: 2002-06-09 15:18:39
Message-ID: 5469.1023635919@sss.pgh.pa.us
Lists: pgsql-general

"Sander Steffann" <sander(at)steffann(dot)nl> writes:
> But he is right in that his trick works. This proves that views can not be
> safely used for security, which is an important thing to realise...

A different way to look at it is that the privilege of creating
functions shouldn't be handed out willy-nilly. The trick of hiding
recording operations in a function can be used in other ways besides
this one.

regards, tom lane
