On Sun, Apr 21, 2024 at 8:13 PM Tom Lane <t...@sss.pgh.pa.us> wrote:
> "David G. Johnston" <david.g.johns...@gmail.com> writes: > > On Sunday, April 21, 2024, yudhi s <learnerdatabas...@gmail.com> wrote: > >> Are you saying something like below, in which we first create the > >> function from super user and then execute the grant? But doesn't that > mean, > >> each time we want to create a new event trigger we have to be again > >> dependent on the "super user" to modify the security definer function? > > > Dynamic SQL. See “execute” in plpgsql. > > You might as well just give that user superuser and be done with it. > It's foolish to imagine that you have any shred of security left > if you're letting a user that's not 100.00% trusted write event > triggers. (Much less execute any SQL command whatsoever, which > is what it sounds like David is suggesting you create a function > to do.) > > So do you mean , we should not create the event trigger using the "security definer" , rather have the super user do this each time we have to create the event trigger? Actually , I am not very much aware about the security part, but is it fine to give the super user privilege to the application user(say app_user) from which normally scripts/procedures get executed by the application, but nobody(individual person) can login using that user. Additionally in other databases, triggers are driven by some specific privileges (say for example in oracle "create trigger" privilege). And it doesn't need any super user and we were having many applications in which the application user (which were used for app to app login) was having these privileges, similar to "create table" privileges which comes by default to the schema who owns the objects etc. So in this case i was wondering if "event trigger" can cause any additional threat and thus there is no such privilege like "create trigger" exist in postgres and so it should be treated cautiously?
