Document changes in large-object privilege checking.
Tom Lane <tgl@sss.pgh.pa.us>
Document changes in large-object privilege checking. Commit 5ecc0d738 removed the hard-wired superuser checks in lo_import and lo_export in favor of protecting them with SQL permissions, but failed to adjust the documentation to match. Fix that, and add a <caution> paragraph pointing out the nontrivial security hazards involved with actually granting such permissions. (It's still better than ALLOW_DANGEROUS_LO_FUNCTIONS, though.) Also, commit ae20b23a9 caused large object read/write privilege to be checked during lo_open() rather than in the actual read or write calls. Document that. Discussion: https://postgr.es/m/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@mail.gmail.com
Files
| Path | Change | +/− |
|---|---|---|
| doc/src/sgml/config.sgml | modified | +0 −3 |
| doc/src/sgml/lobj.sgml | modified | +38 −4 |
Documentation touched
Discussion
- Simplify ACL handling for large objects and removal of superuser() checks 31 messages · 2017-08-14 → 2017-11-15