Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)

Поиск
Список
Период
Сортировка
От Kevin Grittner
Тема Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)
Дата
Msg-id 4FD7696902000025000483A4@gw.wicourts.gov
обсуждение исходный текст
Ответ на Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)  (Stephen Frost <sfrost@snowman.net>)
Ответы Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)
Список pgsql-hackers
Дерево обсуждения 
>Stephen Frost <sfrost@snowman.net> wrote: 
> If we had an independent way to have the function run as a
> specific user, where that user DIDN'T own the function, I think
> Kevin's use case would be satisfied.
I agree.  I'm not sure quite what that would look like, but maybe
SECURITY ROLE <rolename> or some such could be an alternative to
SECURITY INVOKER and SECURITY DEFINER.  (I haven't looked to see
what the standard has here.)
-Kevin

В списке pgsql-hackers по дате отправления: