Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)
Kevin Grittner <kevin.grittner@wicourts.gov>
From: "Kevin Grittner" <Kevin.Grittner@wicourts.gov>
To: "Stephen Frost" <sfrost@snowman.net>,
"Tom Lane" <tgl@sss.pgh.pa.us>
Cc: "Robert Haas" <robertmhaas@gmail.com>, "Noah Misch" <noah@leadboat.com>,<pgsql-hackers@postgresql.org>
Date: 2012-06-12T21:08:09Z
Lists: pgsql-hackers
>Stephen Frost <sfrost@snowman.net> wrote: > If we had an independent way to have the function run as a > specific user, where that user DIDN'T own the function, I think > Kevin's use case would be satisfied. I agree. I'm not sure quite what that would look like, but maybe SECURITY ROLE <rolename> or some such could be an alternative to SECURITY INVOKER and SECURITY DEFINER. (I haven't looked to see what the standard has here.) -Kevin