Tom Lane wrote:
> Martijn van Oosterhout <kleptog@svana.org> writes:
>> The trigger never runs as the owner of the table AIUI, only ever as the
>> definer of the function or as session user.
>
> Yeah.  This might itself be seen as a bug: I think you could make a
> reasonable case that the default behavior ought to be to run as the
> table owner (but still overridable if trigger function is SECURITY
> DEFINER, of course).  In the current situation a table owner can use
> a trigger function as a trojan horse against anyone modifying the
> table.

Is this true for on-select rules too? In that case, couldn't any
user run his code as postmaster by creating an appropriate on-select
rule and waiting until somebody/cron backs up the database using pg_dump?

Or is pg_dump smart enough to skip dumping tables with on-select rules?

greetings, Florian Pflug
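
An audit query a privileged role could run before modifying or dumping relations it does not own, added here as an example and not part of the original message or of PostgreSQL itself. It lists triggers and ON SELECT rules on relations owned by non-superusers, and assumes a release whose catalogs have pg_trigger.tgisinternal and pg_roles.

```sql
-- Added example: relations owned by non-superusers that carry user-defined
-- triggers or ON SELECT rules, i.e. owner-controlled code or definitions
-- that are reached when another role touches the relation.
SELECT 'trigger'                      AS kind,
       n.nspname                      AS schema_name,
       c.relname                      AS relation,
       t.tgname                       AS object_name,
       ro.rolname                     AS relation_owner,
       p.oid::regprocedure::text      AS trigger_function,
       p.prosecdef                    AS security_definer  -- false: runs as the calling role
FROM   pg_trigger   t
JOIN   pg_class     c  ON c.oid  = t.tgrelid
JOIN   pg_namespace n  ON n.oid  = c.relnamespace
JOIN   pg_roles     ro ON ro.oid = c.relowner
JOIN   pg_proc      p  ON p.oid  = t.tgfoid
WHERE  NOT t.tgisinternal          -- skip constraint triggers generated by the system
  AND  NOT ro.rolsuper             -- relation owner is not a superuser

UNION ALL

-- ev_type '1' marks an ON SELECT rule; every view has one (named _RETURN),
-- so views owned by non-superusers are listed here as well.
SELECT 'on-select rule',
       n.nspname,
       c.relname,
       r.rulename,
       ro.rolname,
       NULL::text,
       NULL::boolean
FROM   pg_rewrite   r
JOIN   pg_class     c  ON c.oid  = r.ev_class
JOIN   pg_namespace n  ON n.oid  = c.relnamespace
JOIN   pg_roles     ro ON ro.oid = c.relowner
WHERE  r.ev_type = '1'
  AND  NOT ro.rolsuper

ORDER  BY 1, 2, 3, 4;
```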
