On Thu, Jul 11, 2019 at 3:16 PM Dave Cramer <p...@fastcrypt.com> wrote: > On Thu, 11 Jul 2019 at 15:07, Robert Haas <robertmh...@gmail.com> wrote: >> On Thu, Jul 11, 2019 at 2:29 PM Dave Cramer <p...@fastcrypt.com> wrote: >> > So if I understand this correctly if user bob has altered his search path >> > and there is a security-definer function called owned by him then >> > the search path will be changed for the duration of the function and >> > reported for every iteration? The implications of this are "interesting" >> > to say the least. >> >> I don't believe that it matters what search path has been set using >> ALTER USER bob. > > Why wouldn't it ???
Because the search_path used to execute a security definer function has nothing to do with the search_path that would be applied to a new session created by bob. Unless I am confused. But you can easily test this. Just make a security-definer function that prints its search_path and experiment. I think what's going to happen is that it'll inherit the search_path from the surrounding session unless you use ALTER FUNCTION .. SET, and that ALTER USER will make no difference. Sometimes I'm wrong, though. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
