Tom Lane writes:
Okay, I've thought of one: consider the situation where you want to
label each row in a table with the ID of the user who inserted it.
Right now, you can do
...,
who namedefault current_user,
...
or for greater security use a trigger to set the
I said:
And I have not yet been able to think of a concrete case where the
existing behavior (execute as calling user) is better.
Okay, I've thought of one: consider the situation where you want to
label each row in a table with the ID of the user who inserted it.
Right now, you can do
On Sat, Nov 02, 2002 at 01:01:11 -0500,
Tom Lane [EMAIL PROTECTED] wrote:
The example of a serial column (DEFAULT nextval('foo_seq')) seems
compelling. You do not really want to grant general-purpose UPDATE
rights on foo_seq to everyone you might allow to INSERT into your
table.
If it is
I think we open up more security problems by having the inserter doing
things as the owner of the table.
---
Bruno Wolff III wrote:
On Wed, Oct 30, 2002 at 14:03:21 -0600,
While I am not sure about triggers, it
On Fri, Nov 01, 2002 at 21:35:40 -0500,
Bruce Momjian [EMAIL PROTECTED] wrote:
I think we open up more security problems by having the inserter doing
things as the owner of the table.
With triggers it is a bit hard to decide. Since people other than the
table owner can create them, but then
The problem is that the more complex you make things, the easier it is
to make a mistake. That's why I like our simpler model unless there is
a glaring problem with it.
---
Bruno Wolff III wrote:
On Fri, Nov 01, 2002 at
Bruce Momjian [EMAIL PROTECTED] writes:
The problem is that the more complex you make things, the easier it is
to make a mistake. That's why I like our simpler model unless there is
a glaring problem with it.
I think Bruno's got a good point. The implementation would be kind of
painful, so
On Wed, Oct 30, 2002 at 14:03:21 -0600,
While I am not sure about triggers, it certainly is possible to get
a similar effect be having the referenced function run with the security
of the definer.
I read some more on triggers and found that according to the documentation,
they appear to run
On Wed, Oct 30, 2002 at 08:27:37 -0600,
Bruno Wolff III [EMAIL PROTECTED] wrote:
Do default expressions execute with access of the user doing the insert
or the owner of the table?
What I was thinking was that the owner of a table may want to allow people
to do inserts into a table and update
