Hello

2012/10/27 Jon Erdman <postgresql@thewickedtribe.net>:
Hello Hackers!

So, currently the only way to see if a function is security definer or not is to directly query pg_proc. This is both irritating, and I think perhaps dangerous since security definer functions can be so powerful. I thought that rectifying that would make an excellent first patch, and I was bored today here in Prague since pgconf.eu is now over...so here it is. :)

This patch adds a column to the output of \df titled "Security" with values of "definer" or "invoker" based on the boolean secdef column from pg_proc. I've also included a small doc patch to match. This patch is against master from git. Comments welcome!

I just realized I didn't address regression tests, so I guess this is not actually complete yet. I should have time for that next week after I get back to the states.

I would also like to start discussion about perhaps adding a couple more things to \df+, specifically function execution permissions (which are also exposed nowhere outside the catalog to my knowledge), and maybe search_path since that's related to secdef. Thoughts?
I prefer show this in \dt+ for column "Security" - and for other
functionality maybe new statement.
This was actually kind of anti-climactic, since it only took about 5 minutes to make the change and get it working. Didn't really feel the way I expected it to ;)
:) yes, hacking is funny

Regards

Pavel

--
Jon T Erdman
Postgresql Zealot








--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 2 of 18 | next ›
Discussion Overview
grouppgsql-hackers @
categoriespostgresql
postedOct 27, '12 at 3:30p
activeJan 25, '13 at 3:26p
posts18
users8
websitepostgresql.org...
irc#postgresql

People

Translate

site design / logo © 2021 Grokbase