Josh Berkus <[EMAIL PROTECTED]> writes: > As said, I discussed this with Gaetano on IRC, and am not sure why things are > set up the way they are. If a user has permission on a view, shouldn't > that include permission on any functions executed by the view? If not, why > not?
Then all someone would have to do to bypass security on a function would be to define a function of their own calling it? If I execute shell script that calls a setuid root-only binary that doesn't give me permission to execute the root-only binary... -- greg ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org