"Tom Lane" <[EMAIL PROTECTED]> writes:

> Gregory Stark <[EMAIL PROTECTED]> writes:
>> I think security definer functions should automatically inherit their
>> search_path. The whole "secure by default" thing.
> This assumes that the search path at creation time has something to do
> with the path you'd like to use at execution, which is unlikely to be
> the case in existing pg_dump output, to name one example.  I don't
> really want to get into doing the above.

pg_dump will have to do a ALTER FUNCTION SET command anyways, no? So the
default search_path that gets saved doesn't really matter. In general if it's
not the search path you want at run-time you just have to change it, but you
should always have *something* set or else it's a wide open security hole.

I'm not clear why the search path at creation time is such a bad choice
anyways, it is security "definer", what's the difference between taking the
userid from the defining environment and taking the search path from the
defining environment?

  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?


Reply via email to