Le 08/04/2011 20:07, Knut P. Lehre a écrit : > It is dangerous when working with security definer functions that the > pgAdmin3 > script creator does not include a "revoke from public" for functions with > e.g. > ACL postgres=X/postgres (at least in version 1.10.1). If you use this script > to > copy a function definition, then you will get public execute granted to that > function.
Sure. That's the usual behaviour of PostgreSQL. So I don't get why pgAdmin should do otherwise. We can of course allow the user to automatically revoke public permissions on this kind of functions, if a user clicks a checkbox for example (just like we do to automatically add an index for foreign keys). > pg_dump adds a revoke from public in this case. Is this missing revoke in > pgAdmin3 intentional or was it forgotten? Neither intentional nor forgotten. I don't think anyone ever thought about it. BTW, I don't know where you saw/heard/read that pg_dump adds a revoke from public in this particular case, but it doesn't, AFAICT. -- Guillaume http://www.postgresql.fr http://dalibo.com -- Sent via pgadmin-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgadmin-hackers
