Re: Why security-definer functions are executable by public by default?
From | Simon Riggs |
---|---|
Subject | Re: Why security-definer functions are executable by public by default? |
Date | |
Msg-id | BANLkTinS9dsuar4+R+hWj3W5hO2yrNtRsg@mail.gmail.com |
In reply to | Re: Why security-definer functions are executable by public by default? (Tom Lane <tgl@sss.pgh.pa.us>) |
List | pgsql-general |

On Tue, Apr 5, 2011 at 3:45 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> hubert depesz lubaczewski <depesz@depesz.com> writes:
>> was pointed to the fact that security definer functions have the same
>> default privileges as normal functions in the same language - i.e. if
>> the language is trusted - public has the right to execute them.
>
>> maybe i'm missing something important, but given the fact that security
>> definer functions are used to get access to things that you usually
>> don't have access to - shouldn't the privilege be revoked by default,
>> and grants left for dba to decide?
>
> I don't see that that follows, at all. The entire point of a security
> definer function is to provide access to some restricted resource to
> users who couldn't get at it with their own privileges. Having it start
> with no privileges would be quite useless.

Agreed.

If somebody is creating a security definer function then they are
explicitly relaxing security. It's a little hard for people doing that
to say that they were not aware of security and forgot to issue GRANTs
to carefully define who got the new capability.

--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
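
The default discussed in this thread, as an added example that is not part of the original message or of the PostgreSQL project's code: a security definer function is created, the implicit PUBLIC execute right is replaced by an explicit grant in the same transaction, and a catalog query then lists any security definer functions PUBLIC can still execute. The schemas, table, role and function names (app, app_private, accounts, report_reader, account_balance) are constructed for illustration.

```sql
-- Constructed setup: names below are assumptions, not from the thread.
BEGIN;

CREATE SCHEMA app;
CREATE SCHEMA app_private;
CREATE TABLE app_private.accounts (id integer PRIMARY KEY, balance numeric NOT NULL);
CREATE ROLE report_reader NOLOGIN;
GRANT USAGE ON SCHEMA app TO report_reader;

-- Runs with the owner's privileges, so callers can read a table
-- they have no direct access to.
CREATE FUNCTION app.account_balance(p_account integer)
RETURNS numeric
LANGUAGE sql
SECURITY DEFINER
-- Resolve unqualified names only in schemas the owner controls.
SET search_path = app_private, pg_temp
AS $$
    SELECT balance FROM app_private.accounts WHERE id = p_account;
$$;

-- At this point PUBLIC holds EXECUTE by default. Replace that with an
-- explicit grant before the transaction commits, so no other session
-- ever sees the function with the default privileges.
REVOKE EXECUTE ON FUNCTION app.account_balance(integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.account_balance(integer) TO report_reader;

COMMIT;

-- Audit: security definer functions outside the system schemas that
-- PUBLIC can execute. After the REVOKE above, app.account_balance
-- does not appear in the result.
SELECT n.nspname                                  AS schema_name,
       p.proname                                  AS function_name,
       pg_get_function_identity_arguments(p.oid)  AS arguments,
       pg_get_userbyid(p.proowner)                AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND has_function_privilege('public', p.oid, 'EXECUTE')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY schema_name, function_name;
```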