Re: Why is EXECUTE granted to PUBLIC for all routines?

2022-04-23 Thread Isaac Morland
On Fri, 22 Apr 2022 at 13:44, Tom Lane wrote:
> There is zero security concern for non-SECURITY-DEFINER functions,
> since they do nothing callers couldn't do for themselves. For those,
> you typically do want to grant out permissions. As for SECURITY DEFINER
> functions, there is no reason

Re: Why is EXECUTE granted to PUBLIC for all routines?

2022-04-22 Thread Tom Lane
Jacek Trocinski writes:
> The default behavior on Postgres is to grant EXECUTE to PUBLIC on any
> function or procedure that is created.
> I feel this is a security concern, especially for procedures and
> functions defined with the "SECURITY DEFINER" clause.

There is zero security concern

Why is EXECUTE granted to PUBLIC for all routines?

2022-04-22 Thread Jacek Trocinski
Hi,

The default behavior on Postgres is to grant EXECUTE to PUBLIC on any function or procedure that is created. I feel this is a security concern, especially for procedures and functions defined with the "SECURITY DEFINER" clause. Normally, we don’t want everyone on the database to be