Tom Lane wrote:
Zdenek Kotala <[EMAIL PROTECTED]> writes:
I have a question about what happens if the search path is not defined for a SECURITY DEFINER function. My expectation is that a SECURITY DEFINER function should define an empty search path in this case.

Your expectation is incorrect.  We are not in the business of breaking
every application in sight, which is what that would do.

Oh, I see. From this point of view, I suggest adding a warning about the potential security issue if a SECURITY DEFINER function is created without a preset search_path. I'm aware that a lot of developers forget to modify their applications.


                Zdenek
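
An added example, not part of the original message or of PostgreSQL itself: a SECURITY DEFINER function created without a preset search_path beside the same function with one, followed by a catalog query that lists every SECURITY DEFINER function lacking a per-function search_path setting. The schema `app`, the table `app.accounts` and both function names are hypothetical.

```sql
-- Constructed sample objects (hypothetical names).
CREATE SCHEMA app;
CREATE TABLE app.accounts (username text PRIMARY KEY, pwhash text NOT NULL);

-- Let the unqualified name "accounts" resolve while the bodies are validated.
SET search_path = app, pg_catalog;

-- No search_path preset: at call time the unqualified "accounts" is looked up
-- through the caller's search_path, while the body runs with the owner's rights.
CREATE FUNCTION app.check_password_unpinned(text, text) RETURNS boolean
LANGUAGE sql SECURITY DEFINER
AS $$ SELECT EXISTS (SELECT 1 FROM accounts
                     WHERE username = $1 AND pwhash = $2) $$;

-- Same body with the search_path pinned for the duration of the call.
-- pg_temp is listed last so temporary objects cannot shadow "accounts".
CREATE FUNCTION app.check_password_pinned(text, text) RETURNS boolean
LANGUAGE sql SECURITY DEFINER
SET search_path = app, pg_temp
AS $$ SELECT EXISTS (SELECT 1 FROM accounts
                     WHERE username = $1 AND pwhash = $2) $$;

RESET search_path;

-- Audit: SECURITY DEFINER functions whose per-function configuration
-- (pg_proc.proconfig, an array of 'name=value' strings) has no search_path.
-- unnest() of a NULL proconfig yields no rows, so such functions are listed too.
SELECT n.nspname                   AS schema_name,
       p.proname                   AS function_name,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(p.proconfig) AS cfg
        WHERE cfg LIKE 'search_path=%')
ORDER BY schema_name, function_name;
```

The per-function `SET` clause and `pg_proc.proconfig` require PostgreSQL 8.3 or later.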
