On Jun28, 2012, at 17:29 , Tom Lane wrote: > Kohei KaiGai <kai...@kaigai.gr.jp> writes: >> 2012/6/27 Florian Pflug <f...@phlo.org>: >>> Hm, what happens if a SECURITY DEFINER functions returns a refcursor? > >> My impression is, here is no matter even if SECURITY DEFINER function >> returns refcursor. > > I think Florian has a point: it *should* work, but *will* it? > > I believe it works today, because the executor only applies permissions > checks during query startup. So those checks are executed while still > within the SECURITY DEFINER context, and should behave as expected. > Subsequently, the cursor portal is returned to caller and caller can > execute it to completion, no problem.
Don't we (sometimes?) defer query startup to the first time FETCH is called? best regards, Florian Pflug -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers