| From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: search path security issue? |
| Date: | 2017-10-05 22:05:07 |
| Message-ID: | 9fcb6f20-d94f-466c-1b72-b8b172de3dba@commandprompt.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 10/05/2017 02:54 PM, David G. Johnston wrote:
> On Thu, Oct 5, 2017 at 2:37 PM, Joshua D. Drake <jd(at)commandprompt(dot)com
> <mailto:jd(at)commandprompt(dot)com>>wrote:
>
> I get being able to change my search_path on the fly but it seems
> odd that as user foo I can change my default search path?
>
>
> Seems down-right thoughtful of us to allow users to change their own
> defaults instead of forcing them to always change things on-the-fly or
> bug a DBA to change the default for them.
It seems that if a super user changes the search path with ALTER
USER/ROLE, then the user itself should not (assuming not an elevated
privilege) should not be able to change it. Again, I get being able to
do it with SET but a normal user shouldn't be able to reset a super user
determined setting.
Shrug,
JD
>
> David J.
>
--
Command Prompt, Inc. || http://the.postgres.company/ || @cmdpromptinc
PostgreSQL Centered full stack support, consulting and development.
Advocate: @amplifypostgres || Learn: https://pgconf.us
***** Unless otherwise stated, opinions are my own. *****
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2017-10-05 22:13:07 | Re: fork()-safety, thread-safety |
| Previous Message | Nico Williams | 2017-10-05 22:02:22 | fork()-safety, thread-safety |