[GENERAL] question about stored procedure / function

Alain Roger Sun, 11 Mar 2007 11:19:33 -0800

Hi,

i created the following function :
-- Function: immense.sp_a_001(username "varchar", pwd "varchar")
-- DROP FUNCTION immense.sp_a_001(username "varchar", pwd "varchar");


CREATE OR REPLACE FUNCTION immense.sp_a_001(username "varchar", pwd
"varchar")
 RETURNS int4 AS
$BODY$

DECLARE
myrec immense.accounts%ROWTYPE;
count INTEGER := 0;
/**************************************/

BEGIN

FOR myrec IN
 SELECT * FROM immense.accounts WHERE account_login=$1 and account_pwd=$2
LOOP
  count := count + 1;
END LOOP;
RETURN count;

END;

$BODY$
 LANGUAGE 'plpgsql' VOLATILE;
ALTER FUNCTION immense.sp_a_001(username "varchar", pwd "varchar") OWNER TO
immensesk;
GRANT EXECUTE ON FUNCTION immense.sp_a_001(username "varchar", pwd
"varchar") TO immensesk;

However, postgreSQL add automatically the following line to each procedure
and i do not know why ?
GRANT EXECUTE ON FUNCTION immense.sp_a_001(username "varchar", pwd
"varchar") TO public;

normally, in such case (i mean without granted execution right to public on
this procedure), only immensesk user should be able to run it... so why such
thing ?
it is not secured...

or is there something i missed ?

--
Alain
------------------------------------
Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5

[GENERAL] question about stored procedure / function

Reply via email to