> -----Original Message-----
> From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
> Actually, I don't find that to be a given. Exactly what use-cases have
> you got that aren't solved as well or better by calling a SECURITY DEFINER
> function owned by the target role?
Oh, that's easy: If you want to do the equivalent of setreuid(geteuid(), getuid()); that is, if you want to drop privileges for a particular operation. Our particular use case is that we want to evaluate an expression provided by the caller but with the caller's privileges.
In response to
pgsql-hackers by date
|Next:||From: Robert Haas||Date: 2009-12-31 18:14:39|
|Subject: Re: Status of plperl inter-sp calling|
|Previous:||From: Tom Lane||Date: 2009-12-31 18:08:49|
|Subject: Re: uintptr_t for Datum |