Re: My first patch! (to \df output)
postgresql@thewickedtribe.net
From: Jon Erdman <postgresql@thewickedtribe.net>
To: Pavel Stehule <pavel.stehule@gmail.com>
Cc: pgsql-hackers@postgresql.org
Date: 2012-11-09T19:53:20Z
Lists: pgsql-hackers
Attachments
- describe.patch (application/octet-stream) patch
- (unnamed) (text/plain)
On Oct 27, 2012, at 10:45 AM, Pavel Stehule <pavel.stehule@gmail.com> wrote: > Hello > > 2012/10/27 Jon Erdman <postgresql@thewickedtribe.net>: >> >> Hello Hackers! >> >> So, currently the only way to see if a function is security definer or not is to directly query pg_proc. This is both irritating, and I think perhaps dangerous since security definer functions can be so powerful. I thought that rectifying that would make an excellent first patch, and I was bored today here in Prague since pgconf.eu is now over...so here it is. :) >> >> This patch adds a column to the output of \df titled "Security" with values of "definer" or "invoker" based on the boolean secdef column from pg_proc. I've also included a small doc patch to match. This patch is against master from git. Comments welcome! >> >> I just realized I didn't address regression tests, so I guess this is not actually complete yet. I should have time for that next week after I get back to the states. >> >> I would also like to start discussion about perhaps adding a couple more things to \df+, specifically function execution permissions (which are also exposed nowhere outside the catalog to my knowledge), and maybe search_path since that's related to secdef. Thoughts? > > I prefer show this in \dt+ for column "Security" - and for other > functionality maybe new statement. I'm assuming you meant "\df+", and I've changed it accordingly. With this change there is now nothing to change in the regression tests, so please consider this my formal and complete submission.