Re: [HACKERS] temporary functions (and other object types)

2010-11-06 Thread Tom Lane
Robert Haas writes:
> I guess. If you search pg_temp always then it's pretty much
> impossible to avoid having a security hole, if you use any non-trivial
> SQL. But if you search pg_temp for non-SD only then you'll only have
> a security hole if you assume (presumably without testing) that the

Re: [HACKERS] temporary functions (and other object types)

2010-11-06 Thread Robert Haas
On Sat, Nov 6, 2010 at 1:43 PM, Tom Lane wrote:
> Robert Haas writes:
>> On Sat, Nov 6, 2010 at 11:36 AM, Tom Lane wrote:
>>> Yeah, we changed that behavior as part of the fix for CVE-2007-2138.
>>> You'd need either SECURITY DEFINER functions or very careless use of
>>> SET ROLE/SET SESSION AUT

Re: [HACKERS] temporary functions (and other object types)

2010-11-06 Thread Tom Lane
Robert Haas writes:
> On Sat, Nov 6, 2010 at 11:36 AM, Tom Lane wrote:
>> Yeah, we changed that behavior as part of the fix for CVE-2007-2138.
>> You'd need either SECURITY DEFINER functions or very careless use of
>> SET ROLE/SET SESSION AUTHORIZATION for the issue to be exploitable.
> Would it

Re: [HACKERS] temporary functions (and other object types)

2010-11-06 Thread Robert Haas
On Sat, Nov 6, 2010 at 11:36 AM, Tom Lane wrote:
> Martijn van Oosterhout writes:
>> On Fri, Nov 05, 2010 at 09:01:50PM -0400, Robert Haas wrote:
>>> I see that there could be a problem here with SECURITY DEFINER
>>> functions, but I'm not clear whether it goes beyond that?
>
>> IIRC correctly it

Re: [HACKERS] temporary functions (and other object types)

2010-11-06 Thread Tom Lane
Martijn van Oosterhout writes:
> On Fri, Nov 05, 2010 at 09:01:50PM -0400, Robert Haas wrote:
>> I see that there could be a problem here with SECURITY DEFINER
>> functions, but I'm not clear whether it goes beyond that?
> IIRC correctly it's because even unprivileged users can make things in
>

Re: [HACKERS] temporary functions (and other object types)

2010-11-06 Thread Martijn van Oosterhout
On Fri, Nov 05, 2010 at 09:01:50PM -0400, Robert Haas wrote:
> On Fri, Nov 5, 2010 at 4:02 PM, Tom Lane wrote:
> > The latter is an intentional security feature and will not get changed.
>
> I see that there could be a problem here with SECURITY DEFINER
> functions, but I'm not clear whether it g

Re: [HACKERS] temporary functions (and other object types)

2010-11-05 Thread Robert Haas
On Fri, Nov 5, 2010 at 4:02 PM, Tom Lane wrote:
> Alvaro Herrera writes:
>> A customer of ours has the need for temporary functions.
>
> You can do that now:
>
> regression=# create function pg_temp.foo(f1 int) returns int
> regression-# as 'select $1+1' language sql;
> CREATE FUNCTION
> regressi

Re: [HACKERS] temporary functions (and other object types)

2010-11-05 Thread Tom Lane
Alvaro Herrera writes:
> A customer of ours has the need for temporary functions.

You can do that now:

regression=# create function pg_temp.foo(f1 int) returns int
regression-# as 'select $1+1' language sql;
CREATE FUNCTION
regression=# select pg_temp.foo(1);
 foo
-----
   2
(1 row)

You do hav

Re: [HACKERS] temporary functions (and other object types)

2010-11-05 Thread David E. Wheeler
On Nov 5, 2010, at 12:36 PM, Alvaro Herrera wrote:
> Hi,
>
> A customer of ours has the need for temporary functions. The use case
> is writing test cases for their databases: the idea being that their
> code creates a temp function which then goes away automatically at
> session end, just like

Re: [HACKERS] temporary functions (and other object types)

2010-11-05 Thread Szymon Guz
On 5 November 2010 20:36, Alvaro Herrera wrote:
> Hi,
>
> A customer of ours has the need for temporary functions. The use case
> is writing test cases for their databases: the idea being that their
> code creates a temp function which then goes away automatically at
> session end, just like a t

[HACKERS] temporary functions (and other object types)

2010-11-05 Thread Alvaro Herrera
Hi,

A customer of ours has the need for temporary functions. The use case is writing test cases for their databases: the idea being that their code creates a temp function which then goes away automatically at session end, just like a temp table. It's said that this makes things generally easier