Zeugswetter Andreas SB SD writes:
> > What about requiring ownership of at least one
> > of the types?
>
> I was thinking that too, but, would it be possible to circumvent such
> a restriction with a "type in the middle" attack?
> Create your own type and then
> 1. (auto)cast type1 to own type

Tom Lane writes:
> What about requiring ownership of at least one of the types?
Yes, that would work.
There would be a somewhat bizarre consequence, though: User U1 creates
type T1, user U2 creates type T2. Then user U1 creates a cast from T1 to
T2. Now user U2 would be allowed to drop that

Tom wrote:
> Peter Eisentraut <[EMAIL PROTECTED]> writes:
> > That doesn't quite work, because then no ordinary user can define a cast
> > from some built-in type to his own type. What I'm thinking about is to
> > implement the USAGE privilege on types, and then you need to have that to
> > be a

Peter Eisentraut <[EMAIL PROTECTED]> writes:
> That doesn't quite work, because then no ordinary user can define a cast
> from some built-in type to his own type. What I'm thinking about is to
> implement the USAGE privilege on types, and then you need to have that to
> be allowed to create casts

Tom Lane writes:
> I looked through your CREATE CAST commit a little. Looks pretty good
> but I had a few suggestions/concerns.
>
> * The biggie is that I'm not satisfied with the permissions checking.
Me neither. I had sent a message earlier about this but it went
unnoticed, but I had to impl