Re: [GENERAL] What user to defaults execute as?
From | Bruce Momjian |
---|---|
Subject | Re: [GENERAL] What user to defaults execute as? |
Date | |
Msg-id | 200211020235.gA22ZeW03176@candle.pha.pa.us |
In response to | Re: [GENERAL] What user to defaults execute as? (Bruno Wolff III <bruno@wolff.to>) |
Responses | Re: [GENERAL] What user to defaults execute as? |
List | pgsql-hackers |
I think we open up more security problems by having the inserter doing
things as the owner of the table.

---------------------------------------------------------------------------

Bruno Wolff III wrote:
> On Wed, Oct 30, 2002 at 14:03:21 -0600,
>
>
> > While I am not sure about triggers, it certainly is possible to get
> > a similar effect by having the referenced function run with the security
> > of the definer.
>
> I read some more on triggers and found that according to the documentation,
> they appear to run as the user doing the insert, update or delete and
> are specifically noted to be dangerous. And while using the execute as
> definer can allow a trigger writer to provide limited access to the invoker,
> it doesn't protect the invoker from the trigger writer. It seems unlikely
> that triggers should be doing things to objects that the trigger owner
> doesn't have rights to. And this might be another place where using the
> access of the owner would be better than using that of the invoker.
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
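
The two execution contexts debated in this thread, side by side, as an added example that is not part of the original message or of PostgreSQL's own code. It assumes a current PostgreSQL release and a superuser session in a scratch database; the roles `tbl_owner` and `inserter`, the schema `demo`, and all table and function names are hypothetical.

```sql
-- Constructed demo: every role, schema, table and function name is hypothetical.
CREATE ROLE tbl_owner NOLOGIN;
CREATE ROLE inserter  NOLOGIN;
CREATE SCHEMA demo AUTHORIZATION tbl_owner;
GRANT USAGE ON SCHEMA demo TO inserter;

SET ROLE tbl_owner;
CREATE TABLE demo.orders (id int PRIMARY KEY);
CREATE TABLE demo.audit  (via text, ran_as text);
GRANT INSERT ON demo.orders, demo.audit TO inserter;

-- Default (SECURITY INVOKER): the trigger body runs with the privileges of
-- whoever performs the INSERT, so the table owner's code acts as that user.
CREATE FUNCTION demo.log_invoker() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
  INSERT INTO demo.audit VALUES ('invoker', current_user);
  RETURN NEW;
END $$;

-- SECURITY DEFINER: the body runs with the function owner's privileges.
-- search_path is pinned so unqualified names cannot resolve to objects
-- the calling user placed earlier in the path.
CREATE FUNCTION demo.log_definer() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = demo, pg_temp AS $$
BEGIN
  INSERT INTO demo.audit VALUES ('definer', current_user);
  RETURN NEW;
END $$;

CREATE TRIGGER orders_audit_invoker AFTER INSERT ON demo.orders
  FOR EACH ROW EXECUTE PROCEDURE demo.log_invoker();
CREATE TRIGGER orders_audit_definer AFTER INSERT ON demo.orders
  FOR EACH ROW EXECUTE PROCEDURE demo.log_definer();
RESET ROLE;

-- One INSERT by the unprivileged role fires both triggers.
SET ROLE inserter;
INSERT INTO demo.orders VALUES (1);
RESET ROLE;

-- Compare which role each trigger body executed as.
SELECT via, ran_as FROM demo.audit ORDER BY via;

-- With the definer variant, INSERT on demo.audit could be revoked from
-- inserter and the audit row would still be written; the invoker variant
-- would then fail on the same statement.
```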