Joe Conway <[EMAIL PROTECTED]> writes: > One question: should we provide the SECURITY DEFINER functions with > revoked privileges or just mention that in the docs? I was thinking > something along the lines of the following even for the backpatched version:
Hmm. I guess the advantage of providing these pre-made is that it would standardize the names to use for them, which seems like a good thing. I'm not sure about the point of back-patching, though, since again you're not going to be affecting the content of existing installations. > REVOKE execute ON FUNCTION dblink_connect_u (text) FROM public; > REVOKE execute ON FUNCTION dblink_connect_u (text, text) FROM public; I'd write that as REVOKE ALL just to be future-proof. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 4: Have you searched our list archives? http://archives.postgresql.org