Re: lastval exposes information that currval does not
From | Phil Frost |
---|---|
Subject | Re: lastval exposes information that currval does not |
Date | |
Msg-id | 20060710174227.GA5984@unununium.org |
In reply to | Re: lastval exposes information that currval does not (Bruce Momjian <bruce@momjian.us>) |
Responses | Re: lastval exposes information that currval does not |
List | pgsql-hackers |
On Mon, Jul 10, 2006 at 12:49:54PM -0400, Bruce Momjian wrote:
>
> Docs updated:
>
> <para>
> For schemas, allows the grantee to find objects contained in the
> specified schema (assuming that the objects' own privilege requirements
> are also met).
> </para>

I think that misses the point. One can easily find objects in a schema without usage by examining the system catalogs. The point is that there are ways to access objects without going through the schema usage check, and also that the check is made only once at the time a name is resolved to an oid, which may then be cached in a prepared statement, stored procedure, lastval, or the like. I would suggest something more like this:

For schemas, allows the grantee to reference objects within the specified schema by name. Note that any method of accessing an object that does not involve naming will not check for this privilege. For example, any function taking an OID parameter or lastval(). Also, the check for this privilege will be made only once when a query is planned, so stored plans such as from prepared statements or stored procedures will not make the check again when subsequently executed. In applications where security is very important, it may be wise to assure that no users have undesired privileges on objects within a schema, and not to rely solely on the schema usage privilege.
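
One way to run the audit the message recommends, as an added example that is not part of the original post: the query lists every role that holds a privilege on a table, view or sequence while lacking USAGE on the containing schema, which are the cases where the schema privilege is the only barrier. It assumes a PostgreSQL version that provides has_sequence_privilege(), and the column aliases are illustrative.

```sql
-- Added example (not from the original message).
-- Finds role/object pairs where the object's own ACL would allow access
-- but the role has no USAGE on the schema. For these pairs, any access
-- path that skips name resolution is not stopped by the schema privilege.
SELECT r.rolname AS role_name,
       n.nspname AS schema_name,
       c.relname AS object_name,
       CASE c.relkind
            WHEN 'r' THEN 'table'
            WHEN 'p' THEN 'partitioned table'
            WHEN 'v' THEN 'view'
            WHEN 'm' THEN 'materialized view'
            WHEN 'f' THEN 'foreign table'
            WHEN 'S' THEN 'sequence'
       END       AS object_kind
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN pg_roles r
WHERE c.relkind IN ('r', 'p', 'v', 'm', 'f', 'S')
  -- Skip system schemas (pg_catalog, pg_toast, pg_temp_*) and the
  -- information schema; adjust if those are in scope for the audit.
  AND n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  -- The role cannot resolve names in this schema ...
  AND NOT has_schema_privilege(r.oid, n.oid, 'USAGE')
  -- ... yet holds at least one privilege on the object itself.
  -- Privileges granted to PUBLIC or inherited through role membership
  -- are included by the has_*_privilege functions.
  -- CASE keeps has_sequence_privilege() from being called on a
  -- non-sequence, which would raise an error.
  AND CASE
        WHEN c.relkind = 'S' THEN
          has_sequence_privilege(r.oid, c.oid, 'USAGE, SELECT, UPDATE')
        ELSE
          has_table_privilege(r.oid, c.oid,
            'SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER')
      END
ORDER BY schema_name, object_name, role_name;
```

Each returned row is a candidate for a REVOKE on the object itself. Object owners appear in the result when they lack USAGE on the schema, since ownership implies privileges on the object.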