Re: [DOCS] Fix for function ownership
| От | Bruce Momjian |
|---|---|
| Тема | Re: [DOCS] Fix for function ownership |
| Дата | |
| Msg-id | 20170321023339.GC2045@momjian.us обсуждение исходный текст |
| Ответ на | Fix for function ownership (Bruce Momjian <bruce@momjian.us>) |
| Список | pgsql-docs |
On Fri, Sep 23, 2016 at 08:31:02PM -0400, Bruce Momjian wrote: > Nathan Wagner told me that two places in the create function docs say > permissions are controlled by the function creator, while permissions > are really controlled by the function owner. > > The attached patch fixes this. Applied. --------------------------------------------------------------------------- > > -- > Bruce Momjian <bruce@momjian.us> http://momjian.us > EnterpriseDB http://enterprisedb.com > > + As you are, so once was I. As I am, so you will be. + > + Ancient Roman grave inscription + > diff --git a/doc/src/sgml/ref/create_function.sgml b/doc/src/sgml/ref/create_function.sgml > new file mode 100644 > index 8108a43..b9d8833 > *** a/doc/src/sgml/ref/create_function.sgml > --- b/doc/src/sgml/ref/create_function.sgml > *************** CREATE [ OR REPLACE ] FUNCTION > *** 401,407 **** > is to be executed with the privileges of the user that calls it. > That is the default. <literal>SECURITY DEFINER</literal> > specifies that the function is to be executed with the > ! privileges of the user that created it. > </para> > > <para> > --- 401,407 ---- > is to be executed with the privileges of the user that calls it. > That is the default. <literal>SECURITY DEFINER</literal> > specifies that the function is to be executed with the > ! privileges of the user that owns it. > </para> > > <para> > *************** SELECT * FROM dup(42); > *** 747,753 **** > > <para> > Because a <literal>SECURITY DEFINER</literal> function is executed > ! with the privileges of the user that created it, care is needed to > ensure that the function cannot be misused. For security, > <xref linkend="guc-search-path"> should be set to exclude any schemas > writable by untrusted users. This prevents > --- 747,753 ---- > > <para> > Because a <literal>SECURITY DEFINER</literal> function is executed > ! with the privileges of the user that owns it, care is needed to > ensure that the function cannot be misused. For security, > <xref linkend="guc-search-path"> should be set to exclude any schemas > writable by untrusted users. This prevents > > -- > Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-docs -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
В списке pgsql-docs по дате отправления: