Re: Why security-definer functions are executable by public by default?
From | Adrian Klaver |
---|---|
Subject | Re: Why security-definer functions are executable by public by default? |
Date | |
Msg-id | 4D9C873F.9020308@gmail.com |
In reply to | Re: Why security-definer functions are executable by public by default? (hubert depesz lubaczewski <depesz@depesz.com>) |
List | pgsql-general |
On 04/06/2011 07:41 AM, hubert depesz lubaczewski wrote:
> On Wed, Apr 06, 2011 at 09:06:50AM +0200, pasman pasmański wrote:
>>> was pointed to the fact that security definer functions have the same
>>> default privileges as normal functions in the same language - i.e. if
>>> the language is trusted - public has the right to execute them.
>>>
>>> maybe i'm missing something important, but given the fact that security
>>> definer functions are used to get access to things that you usually
>>> don't have access to - shouldn't the privilege be revoked by default,
>>> and grants left for dba to decide?
>>>
>>
>> you can create function in schema accessible to dba only.
>
> sure. and I can revoke the privileges and grant the ones I need.
>
> I know I can *fix* it. But I just think that the default should be the
> same as with untrusted languages.

As was said earlier the point of SECURITY DEFINER is to allow non-privileged users access to privileged content. When a trusted function is created it has the default of SECURITY INVOKER that restricts its privileges to that of the calling user. Switching to SECURITY DEFINER is a dba decision on grants already.

>
> depesz
>

--
Adrian Klaver
adrian.klaver@gmail.com
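The revoke-and-grant approach discussed in this thread, written out as an added SQL example (not part of the original message or of the PostgreSQL project's code). The schema `app`, table `app.accounts`, roles `app_owner` and `support_staff`, and the function name are hypothetical and assumed to exist already.

```sql
-- Hypothetical objects: schema app, table app.accounts(username, failed_logins),
-- roles app_owner and support_staff.

-- Create and lock down in one transaction, so there is no window in which
-- the default EXECUTE grant to PUBLIC is visible to other sessions.
BEGIN;

CREATE FUNCTION app.reset_login_attempts(target_user text)
RETURNS void
LANGUAGE sql
SECURITY DEFINER
-- Pin search_path so the body cannot resolve names to objects placed in a
-- schema the caller controls; pg_temp goes last.
SET search_path = app, pg_temp
AS $$
    UPDATE app.accounts SET failed_logins = 0 WHERE username = target_user;
$$;

REVOKE ALL ON FUNCTION app.reset_login_attempts(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.reset_login_attempts(text) TO support_staff;

COMMIT;

-- Change the default for functions this role creates from now on.
-- This has to be a global default (no IN SCHEMA clause): per-schema defaults
-- can only add to the global ones, not take PUBLIC's EXECUTE away.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner
    REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- Audit: SECURITY DEFINER functions outside the system schemas that
-- PUBLIC can still execute.
SELECT n.nspname                   AS schema_name,
       p.oid::regprocedure         AS function_signature,
       pg_get_userbyid(p.proowner) AS runs_as
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND has_function_privilege('public', p.oid, 'EXECUTE')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY 1, 2;
```

A function in a schema on which callers lack USAGE will still appear in the audit query, since the query checks only the function-level EXECUTE privilege.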