Tom Lane wrote:
Zdenek Kotala <[EMAIL PROTECTED]> writes:
I have a question about what does happen if search path is not defined for SECURITY DEFINER function. My expectation is that SECURITY DEFINER function should defined empty search patch in this case.

Your expectation is incorrect.  We are not in the business of breaking
every application in sight, which is what that would do.

Oh. I see. In this point of view I suggest to add some warning about potential security issue if SECURITY DEFINER function will create without preset search_path. I'm aware that a lot of developer forget to modify their application.


---------------------------(end of broadcast)---------------------------
TIP 7: You can help support the PostgreSQL project by donating at


Reply via email to