First, I asked about this on #postgresql, and I realize that this request would be a low priority item. Yet, it would be an improvement for security reasons.

When creating a function using EXTERNAL SECURITY DEFINER, by default PUBLIC has execute privileges on it. That's unexpected given that when I create a new table, PUBLIC doesn't have any privileges on it. It's also not a secure default.

My request is to allow changing default permissions for function creation, a la "umask", or at least not give PUBLIC execute permissions by default.

I am aware that it is possible to wrap the create function statement with the necessary grants/revokes inside a transaction, as a work-around, but it is not obvious and makes things unnecessarily inconvenient. This increases the chances of beginner and even medium-skill admins getting their security wrong.

Thanks,
Pascal Meunier
Purdue University CERIAS
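
The transaction work-around the message mentions, followed by an audit query for SECURITY DEFINER functions still executable by PUBLIC. This is an added example, not part of the original post; the schema, table, role and function names are hypothetical, and it assumes a PostgreSQL release with the function-level SET clause (8.3 or later) and, for the last statement, ALTER DEFAULT PRIVILEGES (9.0 or later).

```sql
-- Added example. All object and role names (app, accounts, app_user,
-- account_balance) are hypothetical.
BEGIN;

CREATE ROLE app_user NOLOGIN;
CREATE SCHEMA app;
CREATE TABLE app.accounts (
    owner   name    PRIMARY KEY,
    balance numeric NOT NULL
);

-- Runs with the privileges of the function owner, not of the caller.
CREATE FUNCTION app.account_balance() RETURNS numeric
    LANGUAGE sql STABLE
    SECURITY DEFINER
    SET search_path = app, pg_temp  -- pin name resolution for definer code
AS $$
    SELECT balance FROM app.accounts WHERE owner = session_user;
$$;

-- CREATE FUNCTION grants EXECUTE to PUBLIC. Revoking inside the same
-- transaction means no other session ever sees the function with that grant.
REVOKE EXECUTE ON FUNCTION app.account_balance() FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION app.account_balance() TO app_user;
GRANT  USAGE   ON SCHEMA app TO app_user;

COMMIT;

-- Audit: SECURITY DEFINER functions outside the system schemas that
-- PUBLIC can execute. After the transaction above this returns no row
-- for app.account_balance().
SELECT p.oid::regprocedure         AS signature,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND has_function_privilege('public', p.oid, 'EXECUTE');

-- PostgreSQL 9.0 and later: change the default for functions created by
-- the current role from now on. This must be the global form; a per-schema
-- (IN SCHEMA) default can only add privileges to the global default and
-- cannot take PUBLIC's EXECUTE away.
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
```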