On Thu, Jan 7, 2021 at 15:50, David G. Johnston <
david.g.johns...@gmail.com> wrote:

> On Thursday, January 7, 2021, Pavel Stehule <pavel.steh...@gmail.com>
> wrote:
>
>>
>>
>> The vulnerability is almost the same although it is a little bit harder
>> to create attack strings.
>>
>
> Would making the function run as “security definer” and setting up a
> minimal permissions user/owner help with mitigation?
>

Yes. It is a very different usage of security definer functions, but it can
work.

Regards

Pavel


> David J.
>
