Re: setuid for defaults, constraints and triggers (Was:
От | Rod Taylor |
---|---|
Тема | Re: setuid for defaults, constraints and triggers (Was: |
Дата | |
Msg-id | 1036080932.94263.23.camel@jester обсуждение исходный текст |
Ответ на | Re: setuid for defaults, constraints and triggers (Was: What user to [sic] defaults execute as?) (Bruno Wolff III <bruno@wolff.to>) |
Ответы |
Re: setuid for defaults, constraints and triggers (Was: What user to [sic] defaults execute as?)
|
Список | pgsql-hackers |
On Thu, 2002-10-31 at 10:33, Bruno Wolff III wrote: > On Thu, Oct 31, 2002 at 10:17:26 -0500, > Rod Taylor <rbt@rbt.ca> wrote: > > Can't necessarily run them as the table owner, as it may give > > information to other users with the ability to ALTER that table. > > You have to be the table owner to alter a table. So it should be OK > to have the default expressions and check constraints run as the owner. Yes, default expressions and check constraints could possibly. However, both revoke complex expressions (no sub-selects, etc) so there is little point. Functions can already suid if you are using them in check constraints for complex lookups. An ASSERTION may be appropriate for suid, as would REFERENCES -- but only when explicitly asked for, and those should run as the constraint owner NOT as the table owner. -- Rod Taylor
В списке pgsql-hackers по дате отправления: