"Pavel Stehule" <[EMAIL PROTECTED]> writes:
> SQL/PSM default for SQL procedures are SECURITY DEFINER (like views), but 
> PostgreSQL default is SECURITY CALLLER. Is acceptable to define security 
> flag in dependency to used language?

I'd vote no, even if Peter is wrong and you're right about what the spec
says.  A PL gets to set the rules within its function body, not outside.
Next you'll be telling us that the standard requires that the CREATE
FUNCTION not use a dollar-quoted function body ... to which the answer
will be "too bad".  I think the principle of least surprise dictates
that security properties shouldn't be inconsistent across PLs.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster

Reply via email to