Hello 2012/10/27 Jon Erdman <postgre...@thewickedtribe.net>: > > Hello Hackers! > > So, currently the only way to see if a function is security definer or not is > to directly query pg_proc. This is both irritating, and I think perhaps > dangerous since security definer functions can be so powerful. I thought > that rectifying that would make an excellent first patch, and I was bored > today here in Prague since pgconf.eu is now over...so here it is. :) > > This patch adds a column to the output of \df titled "Security" with values > of "definer" or "invoker" based on the boolean secdef column from pg_proc. > I've also included a small doc patch to match. This patch is against master > from git. Comments welcome! > > I just realized I didn't address regression tests, so I guess this is not > actually complete yet. I should have time for that next week after I get back > to the states. > > I would also like to start discussion about perhaps adding a couple more > things to \df+, specifically function execution permissions (which are also > exposed nowhere outside the catalog to my knowledge), and maybe search_path > since that's related to secdef. Thoughts?
I prefer show this in \dt+ for column "Security" - and for other functionality maybe new statement. > > This was actually kind of anti-climactic, since it only took about 5 minutes > to make the change and get it working. Didn't really feel the way I expected > it to ;) > :) yes, hacking is funny Regards Pavel > > > -- > Jon T Erdman > Postgresql Zealot > > > > > > > > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers > -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
