Excerpts from A.M.'s message of mié abr 06 19:08:35 -0300 2011: > That's really strange considering that the new role may not normally > have permission to switch to the original role. How would you handle > the case where the security definer role is not the super user?
As I said to Jeff, it's up to the creator of the wrapper function to ensure that things are safe. Perhaps this new operation should only be superuser-callable, for example. > How would you prevent general SQL attacks when manually popping the > authentication stack is allowed? The popping and pushing operations would be restricted. You can only pop a single frame, and pushing it back before returning is mandatory. -- Álvaro Herrera <alvhe...@commandprompt.com> The PostgreSQL Company - Command Prompt, Inc. PostgreSQL Replication, Consulting, Custom Development, 24x7 support -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers