I think we open up more security problems by having the inserter doing
things as the owner of the table.
---------------------------------------------------------------------------
Bruno Wolff III wrote:
> On Wed, Oct 30, 2002 at 14:03:21 -0600,
> >
> > While I am not sure about triggers, it certainly is possible to get
> > a similar effect be having the referenced function run with the security
> > of the definer.
>
> I read some more on triggers and found that according to the documentation,
> they appear to run as the user doing the insert, update or delete and
> are specifically noted to be dangerous. And while using the execute as
> definer can allow a trigger writer to provide limited access to the invoker,
> it doesn't protect the invoker from the trigger writer. It seems unlikely
> that triggers should be doing things to objects that the trigger owner
> doesn't have rights to. And this might be another place where using the
> access of the owner would be better than using that of the invoker.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square,
Pennsylvania19073