| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, Gregory Stark <stark(at)enterprisedb(dot)com>, pgsql-patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: dblink connection security |
| Date: | 2007-07-07 18:31:03 |
| Message-ID: | 5502.1183833063@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Joe Conway <mail(at)joeconway(dot)com> writes:
> One question: should we provide the SECURITY DEFINER functions with
> revoked privileges or just mention that in the docs? I was thinking
> something along the lines of the following even for the backpatched version:
Hmm. I guess the advantage of providing these pre-made is that it would
standardize the names to use for them, which seems like a good thing.
I'm not sure about the point of back-patching, though, since again
you're not going to be affecting the content of existing installations.
> REVOKE execute ON FUNCTION dblink_connect_u (text) FROM public;
> REVOKE execute ON FUNCTION dblink_connect_u (text, text) FROM public;
I'd write that as REVOKE ALL just to be future-proof.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-07-07 18:50:29 | Re: script binaries renaming |
| Previous Message | Zdenek Kotala | 2007-07-07 17:26:55 | Re: script binaries renaming |