Tom Lane wrote:
I thought about ways to include GUC settings directly into CREATE
FUNCTION, but it seemed pretty ugly and inconsistent with the
existing syntax. So I'm thinking of supporting only the above
syntaxes, meaning it'll take at least two commands to create a secure
SECURITY DEFINER function.
Comments?
I have a question about what does happen if search path is not defined
for SECURITY DEFINER function. My expectation is that SECURITY DEFINER
function should defined empty search patch in this case. This behavior
is similar to how dynamic linker processes setuid binaries - (ignoring
LD_LIBRARY_PATH and so on).
Zdenek
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
