Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely
| От | Bruce Momjian |
|---|---|
| Тема | Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely |
| Дата | |
| Msg-id | Y0ArNYxcHbimR6zN@momjian.us обсуждение исходный текст |
| Ответ на | Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely (Erki Eessaar <erki.eessaar@taltech.ee>) |
| Ответы |
Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely
Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely |
| Список | pgsql-docs |
On Fri, Oct 7, 2022 at 08:05:36AM +0000, Erki Eessaar wrote: > Hello > > I confirmed, that setting search_path is indeed sometimes needed in case of > SECURITY DEFINER routines that have SQL-standard bodies. See an example at the > end of the letter. > > I suggest the following paragraph to the documentation: > > Starting from PostgreSQL 14 SQL-standard bodies can be used in SQL-language > functions. This form tracks dependencies between the function and objects used > in the function body. However, there is still a possibility that such function > calls other code that reacts to search path. Thus, as a best practice, SECURITY > DEFINER functions with SQL-standard bodies should also override search_path. I think this gets back to what Noah said about this section not needing to explain all the details but rather give general guidance. I am not sure adding the reasons for _why_ you should use search path for SQL-standard bodies is really adding anything. Noah, is that accurate? -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Indecision is a decision. Inaction is an action. Mark Batterson
В списке pgsql-docs по дате отправления: