* Pavel Stehule (pavel.steh...@gmail.com) wrote: > 2009/10/19 Stephen Frost <sfr...@snowman.net>: > > * Pavel Stehule (pavel.steh...@gmail.com) wrote: > >> Superuser permission could not be a problem. Simple security definer > >> function can do it. > > > > Then you've defeated the point of making it superuser-only. > > no. Because when I write security definer function, then I explicitly > allow an writing for some roles. When I don't write this function, > then GUC is secure.
And what happens when those 'some roles' are used by broken applications? You don't get to say "make it superuser only" and then turn around and tell people to hack around the fact that it's superuser only to be able to use it. That's not a solution. Stephen
signature.asc
Description: Digital signature