Joe Conway <[EMAIL PROTECTED]> writes:
> One question: should we provide the SECURITY DEFINER functions with 
> revoked privileges or just mention that in the docs? I was thinking 
> something along the lines of the following even for the backpatched version:

Hmm.  I guess the advantage of providing these pre-made is that it would
standardize the names to use for them, which seems like a good thing.
I'm not sure about the point of back-patching, though, since again
you're not going to be affecting the content of existing installations.

> REVOKE execute ON FUNCTION dblink_connect_u (text) FROM public;
> REVOKE execute ON FUNCTION dblink_connect_u (text, text) FROM public;

I'd write that as REVOKE ALL just to be future-proof.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?


Reply via email to