From: | Jim Nasby <jnasby(at)pervasive(dot)com> |
---|---|
To: | Phil Frost <indigo(at)bitglue(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: lastval exposes information that currval does not |
Date: | 2006-07-08 21:47:33 |
Message-ID: | 5D0069EE-32D3-45A1-87B4-267CA86B1D17@pervasive.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Jul 6, 2006, at 11:02 AM, Phil Frost wrote:
> I hope the above example is strong enough to elicit a comment from a
> qualified developer. If it is not, consider that stored procedures
> contain prepared statements, and many client applications cache
> prepared
> statements as well. Thus, revoking usage on a schema is about as
> good as
> nothing until all sessions have ended. It also means that any function
> which operates with OIDs can potentially bypass the schema usage
> check.
I'm pretty sure that's by design, especially given this tidbit of the
docs:
"Essentially this allows the grantee to "look up" objects within the
schema."
Though perhaps the intention is to change this once we have a means
to invalidate plans.
The docs probably should elaborate that once something's been looked
up you no longer need permissions on the schema it resides in.
--
Jim C. Nasby, Sr. Engineering Consultant jnasby(at)pervasive(dot)com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461
From | Date | Subject | |
---|---|---|---|
Next Message | Jim Nasby | 2006-07-08 21:54:26 | Re: [GENERAL] UUID's as primary keys |
Previous Message | Andrew Dunstan | 2006-07-08 19:23:09 | Re: request for feature: psql 'DSN' option |