| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Steve Chavez <steve(at)supabase(dot)io> |
| Cc: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Add SECURITY_INVOKER_VIEWS option to CREATE DATABASE |
| Date: | 2026-01-28 19:39:18 |
| Message-ID: | CAKFQuwZh0SQdTq+M5umB2Sy1ORNEwMqgL5cpfmEW_B3_iYXQoQ@mail.gmail.com |
| Lists: | pgsql-hackers |

On Wed, Jan 28, 2026 at 12:19 PM Steve Chavez <steve(at)supabase(dot)io> wrote:
> > I’d be more inclined to change this incompatibility than try to affect
> > action at a distance with a database setting.
>
> Could we instead have a shortcut for view creation like `CREATE SECURE VIEW`
> (would be the same as `WITH (security_invoker = true)`)? This at
> least makes it harder to forget specifying the option and also denotes that
> by default views are insecure (since they're most likely created by
> security_definer=superuser)
>
>

Please don't top-post.

Inventing alternative syntax with the same fundamental issue, just an
arguably different failure threshold, is unappealing.

David J.