On 04/05/2011 09:41 AM, hubert depesz lubaczewski wrote:
hi
was pointed to the fact that security definer functions have the same
default privileges as normal functions in the same language - i.e. if
the language is trusted - public has the right to execute them.
maybe i'm missing something important, but given the fact that security
definer functions are used to get access to things that you usually
don't have access to - shouldn't the privilege be revoked by default,
and grants left for dba to decide?
depesz
That is exactly the point of security definer. It means that even though
you do not have rights to data, I have a special function that will
allow you the rights in a very specific way.
For example, I give my users no rights on any tables. The only way they
can access data is through views and security definer functions. The
functions are built in such a way that it only allows them access in the
manner that I want them to.
So while my user cannot insert into the table, he can pass the correct
parameters into the function and if everything checks out write it will
insert the row.
Sim
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
