Excerpts from Derrick Rice's message of vie may 20 12:35:24 -0400 2011:
> On Fri, May 20, 2011 at 12:18 PM, Guillaume Lelarge
> <guillaume@lelarge.info>wrote:
>
> > Well, for a specific object, any superuser, the database owner, the
> > schema owner, and the object owner could drop the object. This is not a
> > vulnerability.
> >
>
> It is not documented clearly. Any information not made clear is an
> opportunity for an error which leads to a vulnerability.
So we need a standard caveat stmt on all relevant pages? Seems
reasonable to me.
--
Álvaro Herrera <alvherre@commandprompt.com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support