> Regarding the advisory on possibly insecure security definer functions

> that I just sent out (by overriding the search path you can make the 
> function do whatever you want with the privileges of the function 
> owner), the favored solution after some initial discussion in the core

> team was to save the search path at creation time with each function.

Have you considered hardcoding the schema for each object where it was
found at creation time ? This seems more intuitive to me. Also using a
path, leaves the possibility to inject an object into a previous schema.


---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?


Reply via email to