I think we open up more security problems by having the inserter doing things as the owner of the table.
--------------------------------------------------------------------------- Bruno Wolff III wrote: > On Wed, Oct 30, 2002 at 14:03:21 -0600, > > > > While I am not sure about triggers, it certainly is possible to get > > a similar effect be having the referenced function run with the security > > of the definer. > > I read some more on triggers and found that according to the documentation, > they appear to run as the user doing the insert, update or delete and > are specifically noted to be dangerous. And while using the execute as > definer can allow a trigger writer to provide limited access to the invoker, > it doesn't protect the invoker from the trigger writer. It seems unlikely > that triggers should be doing things to objects that the trigger owner > doesn't have rights to. And this might be another place where using the > access of the owner would be better than using that of the invoker. > > ---------------------------(end of broadcast)--------------------------- > TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED] > -- Bruce Momjian | http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
