Greg, * Greg Stark (st...@mit.edu) wrote: > I tend to agree. But in the past when this came up people pointed out > you could equally do things this way and still grant all the access > you wanted using SECURITY DEFINER. Arguably that's a better approach > because then instead of auditing the entire monitor script you only > need to audit this one wrapper function, pg_ls_monitor_dir() which > just calls pg_ls_dir() on this one directory.
I'm not a fan of SECURITY DEFINER functions for this sort of thing and don't like the suggestion of simply wrapping functions that provide superuser-level access in a security definer function and then saying that giving someone access to that function isn't giving them superuser, because that's just false. Thanks! Stephen
Description: Digital signature