Re: Security leak with trigger functions?
| От | Peter Eisentraut |
|---|---|
| Тема | Re: Security leak with trigger functions? |
| Дата | |
| Msg-id | 18cf4bff-0a1c-38de-e0c1-b8d16fb3c602@2ndquadrant.com обсуждение исходный текст |
| Ответ на | Re: Security leak with trigger functions? (Chapman Flack <chap@anastigmatix.net>) |
| Список | pgsql-hackers |
On 1/22/18 16:04, Chapman Flack wrote: >> PostgreSQL only allows a trigger action of "call this function", so in >> the SQL standard context that would mean we'd need to check the EXECUTE >> privilege of the owner of the trigger. The trick is figuring out who >> the owner is. If it's the owner of the table, then TRIGGER privilege >> is effectively total control over the owner of the table. If it's >> whoever created the trigger, it might be useful, but I don't see how >> that is compatible with the intent of the SQL standard. > > Hmm, it's been not quite a dozen years, have there been later threads > that followed up on this discussion? No, I don't think anything has changed here. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
В списке pgsql-hackers по дате отправления: