Re: Function script generator lacks revoke from public for ACL {postgres=X/postgres} -functions

Поиск
Список
Период
Сортировка
От Guillaume Lelarge
Тема Re: Function script generator lacks revoke from public for ACL {postgres=X/postgres} -functions
Дата
Msg-id 4D9F6DA3.2000505@lelarge.info
обсуждение исходный текст
Ответ на Function script generator lacks revoke from public for ACL {postgres=X/postgres} -functions  ("Knut P. Lehre" <knutpl@broadpark.no>)
Ответы Re: Function script generator lacks revoke from public for ACL {postgres=X/postgres} -functions
Список pgadmin-hackers
Le 08/04/2011 20:07, Knut P. Lehre a écrit :
> It is dangerous when working with security definer functions that the pgAdmin3
> script creator does not include a "revoke from public" for functions with e.g.
> ACL postgres=X/postgres (at least in version 1.10.1). If you use this script to
> copy a function definition, then you will get public execute granted to that
> function.

Sure. That's the usual behaviour of PostgreSQL. So I don't get why
pgAdmin should do otherwise. We can of course allow the user to
automatically revoke public permissions on this kind of functions, if a
user clicks a checkbox for example (just like we do to automatically add
an index for foreign keys).

> pg_dump adds a revoke from public in this case. Is this missing revoke in
> pgAdmin3 intentional or was it forgotten?

Neither intentional nor forgotten. I don't think anyone ever thought
about it.

BTW, I don't know where you saw/heard/read that pg_dump adds a revoke
from public in this particular case, but it doesn't, AFAICT.


--
Guillaume
 http://www.postgresql.fr
 http://dalibo.com

В списке pgadmin-hackers по дате отправления:

Предыдущее
От: "Knut P. Lehre"
Дата:
Сообщение: Function script generator lacks revoke from public for ACL {postgres=X/postgres} -functions
Следующее
От: Guillaume Lelarge
Дата:
Сообщение: Re: Rework on the dialogs UI