Quick Links

security_definer_search_path GUC

From:	Marko Tiikkaja <marko(at)joh(dot)to>
To:	PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	security_definer_search_path GUC
Date:	2021-05-27 11:23:35
Message-ID:	CAL9smLA_SEWvpusSR8B+K=OOhMwRfKHABZB7J3rc_WcZDmroHQ@mail.gmail.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Hi,

Since writing SECURITY DEFINER functions securely requires annoying
incantations[1], wouldn't it be nice if we provided a way for the superuser
to override the default search path via a GUC in postgresql.conf? That way
you can set search_path if you want to override the default, but if you
leave it out you're not vulnerable, assuming security_definer_search_path
only contains secure schemas.

Responses

Re: security_definer_search_path GUC at 2021-05-29 20:05:34 from Joel Jacobson

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Yura Sokolov	2021-05-27 11:45:50	Re: Add PortalDrop in exec_execute_message
Previous Message	Julien Rouhaud	2021-05-27 11:12:16	Re: sync request forward function ForwardSyncRequest() might hang for some time in a corner case?