Re: lastval exposes information that currval does not
| От | Joshua D. Drake |
|---|---|
| Тема | Re: lastval exposes information that currval does not |
| Дата | |
| Msg-id | 200607051757.08827.jd@commandprompt.com обсуждение исходный текст |
| Ответ на | Re: lastval exposes information that currval does not (Phil Frost <indigo@bitglue.com>) |
| Ответы |
Re: lastval exposes information that currval does not
|
| Список | pgsql-hackers |
> I am well aware of what security definer means. The significant part of
> this example is that lastval() will allow the caller to see the value of
> a sequence where currval('seq') will not. This means that things which
> might have been forbidden in 8.0 are now accessible in 8.1.
>
> It also means that revoking usage on a schema is not sufficient to
> prevent a user from accessing things within that schema, a property that
> makes me quite uncomfortable.
Then the public schema must drive you nuts :). If you were to create the
function as a non-super user you would probably be good.
Joshua D. Drake
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq
-- === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240 Providing the most comprehensive PostgreSQL
solutionssince 1997 http://www.commandprompt.com/
В списке pgsql-hackers по дате отправления: