| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Steve Chavez <steve(at)supabase(dot)io> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE |
| Date: | 2026-01-27 18:02:34 |
| Message-ID: | CAKFQuwYa=UuoU6Pb1YzUkwkw60k+NfqCaO+qsuCKD_-uJ85ysQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tuesday, January 27, 2026, Steve Chavez <steve(at)supabase(dot)io> wrote:
> Hello hackers,
>
> Currently views are not secure by default since they bypass RLS.
> PostgreSQL 15 introduced the `WITH (security_invoker = true)` option for
> this but it's easy to miss on every new view created.
>
> It's also inconsistent with functions, which default to SECURITY INVOKER.
>
I’d be more inclined to change this incompatibility than try to affect
action at a distance with a database setting. But suspect the status-quo
is likely to prevail. Maybe we need a view of views that reference RLS
relations that aren’t security_invoker? Add something to the docs? If one
knows enough to enable a database setting they can institute different less
problematic solutions as well. Maybe we provide an event trigger example.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jelte Fennema-Nio | 2026-01-27 18:10:11 | Re: Safer hash table initialization macro |
| Previous Message | Steve Chavez | 2026-01-27 17:46:41 | Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE |