I think we open up more security problems by having the inserter doing
things as the owner of the table.


Bruno Wolff III wrote:
> On Wed, Oct 30, 2002 at 14:03:21 -0600,
> > 
> > While I am not sure about triggers, it certainly is possible to get
> > a similar effect be having the referenced function run with the security
> > of the definer.
> I read some more on triggers and found that according to the documentation,
> they appear to run as the user doing the insert, update or delete and
> are specifically noted to be dangerous. And while using the execute as
> definer can allow a trigger writer to provide limited access to the invoker,
> it doesn't protect the invoker from the trigger writer. It seems unlikely
> that triggers should be doing things to objects that the trigger owner
> doesn't have rights to. And this might be another place where using the
> access of the owner would be better than using that of the invoker.
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

  Bruce Momjian                        |  http://candle.pha.pa.us
  [EMAIL PROTECTED]               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

Reply via email to