Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function

Поиск
Список
Период
Сортировка
От Álvaro Herrera
Тема Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function
Дата
Msg-id 202507311618.t7vdkwzigntv@alvherre.pgsql
обсуждение исходный текст
Ответ на Re: SET LOCAL ROLE inside SECURITY INVOKER (LANGUAGE plpgsql) function  (Dominique Devienne <ddevienne@gmail.com>)
Список pgsql-general
Дерево обсуждения 
On 2025-Jul-31, Dominique Devienne wrote:

> But also, it's weird DELETE allows you to delete all rows.
> Yet prevents you from deleting just one, i.e. a subset.

But you don't know what you deleted, so you cannot exfiltrate useful
info by repeatedly deleting with varying WHERE values.  I suspect that
you aren't able to use DELETE RETURNING either, unless you have SELECT
privs.

> I get it, a WHERE needs to read, so needs SELECT.

Right.

-- 
Álvaro Herrera         PostgreSQL Developer  —  https://www.EnterpriseDB.com/
"El destino baraja y nosotros jugamos" (A. Schopenhauer)

В списке pgsql-general по дате отправления: