Of course you can still sort of see the SQL used in functions declared SECURITY DEFINER, using debug_print_parse, but this would be opening up a much more transparent way to do it.
Do I need to worry about this? Dean ---------------------------------------- > Date: Wed, 9 Jul 2008 14:22:45 +0300 > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: [HACKERS] Auto-explain patch > CC: [EMAIL PROTECTED]; [EMAIL PROTECTED]; pgsql-hackers@postgresql.org > > On 7/9/08, ITAGAKI Takahiro wrote: >> Dean Rasheed wrote: >>> * client_sql_trace = on | off - settable by a normal user to allow a >> > client session to see the sql_trace output. If this parameter is on, >> > the sql_trace will be logged as NOTICE output. >> >> >> In terms of security, is it ok to show normal users SQLs used in functions >> that are owned by other users? Users can call not-owned functions only if >> they have EXECUTE privilege on them. -- presently we can see function >> bodies from pg_proc.prosrc freely, though. > > Different owner is not a problem, but SECURITY DEFINER may be. > > That can be solved by turning the setting off on entry to such function, > by non-superuser. Like we handle search_path. > > -- > marko _________________________________________________________________ Find the best and worst places on the planet http://clk.atdmt.com/UKM/go/101719807/direct/01/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
