čt 7. 1. 2021 v 15:50 odesílatel David G. Johnston < [email protected]> napsal:
> On Thursday, January 7, 2021, Pavel Stehule <[email protected]> > wrote: > >> >> >> The vulnerability is almost the same although it is a little bit harder >> to create attack strings. >> > > Would making the function run as “security definer” and setting up a > minimal permissions user/owner help with mitigation? > yes. It is a very different usage of security definer functions, but it can work. Regards Pavel > David J. >
