Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely
| От | Erki Eessaar |
|---|---|
| Тема | Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely |
| Дата | |
| Msg-id | AM9PR01MB8268561F390A27AE8C56F9B6FE5F9@AM9PR01MB8268.eurprd01.prod.exchangelabs.com обсуждение исходный текст |
| Ответ на | Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely (Bruce Momjian <bruce@momjian.us>) |
| Список | pgsql-docs |
Hello
Another example where explicit search path is needed.
CREATE TABLE public.B(b INTEGER);
SELECT * FROM pg_temp.B;
CREATE TABLE pg_temp.B(b INTEGER);
CREATE OR REPLACE FUNCTION f3 () RETURNS VOID
LANGUAGE sql SECURITY DEFINER
BEGIN ATOMIC
INSERT INTO B(b) VALUES (1);
END;
SELECT f3();
SELECT * FROM public.B;
/*Result has 0 rows.*/
/*Result has 1 row. Function f3 was associated with pg_temp.B because
f3() did not have explicitly set search path.*/
I see now that there are multiple reasons why to still use search path. I agree now that this extra paragaraph is perhaps too confusing and is not needed.
Best regards
Erki Eessaar
From: Bruce Momjian <bruce@momjian.us>
Sent: Friday, October 7, 2022 4:35 PM
To: Erki Eessaar <erki.eessaar@taltech.ee>
Cc: pgsql-docs@lists.postgresql.org <pgsql-docs@lists.postgresql.org>; Noah Misch <noah@leadboat.com>; Peter Eisentraut <peter.eisentraut@enterprisedb.com>
Subject: Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely
Sent: Friday, October 7, 2022 4:35 PM
To: Erki Eessaar <erki.eessaar@taltech.ee>
Cc: pgsql-docs@lists.postgresql.org <pgsql-docs@lists.postgresql.org>; Noah Misch <noah@leadboat.com>; Peter Eisentraut <peter.eisentraut@enterprisedb.com>
Subject: Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely
On Fri, Oct 7, 2022 at 08:05:36AM +0000, Erki Eessaar wrote:
> Hello
>
> I confirmed, that setting search_path is indeed sometimes needed in case of
> SECURITY DEFINER routines that have SQL-standard bodies. See an example at the
> end of the letter.
>
> I suggest the following paragraph to the documentation:
>
> Starting from PostgreSQL 14 SQL-standard bodies can be used in SQL-language
> functions. This form tracks dependencies between the function and objects used
> in the function body. However, there is still a possibility that such function
> calls other code that reacts to search path. Thus, as a best practice, SECURITY
> DEFINER functions with SQL-standard bodies should also override search_path.
I think this gets back to what Noah said about this section not needing
to explain all the details but rather give general guidance. I am not
sure adding the reasons for _why_ you should use search path for
SQL-standard bodies is really adding anything. Noah, is that accurate?
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
Indecision is a decision. Inaction is an action. Mark Batterson
> Hello
>
> I confirmed, that setting search_path is indeed sometimes needed in case of
> SECURITY DEFINER routines that have SQL-standard bodies. See an example at the
> end of the letter.
>
> I suggest the following paragraph to the documentation:
>
> Starting from PostgreSQL 14 SQL-standard bodies can be used in SQL-language
> functions. This form tracks dependencies between the function and objects used
> in the function body. However, there is still a possibility that such function
> calls other code that reacts to search path. Thus, as a best practice, SECURITY
> DEFINER functions with SQL-standard bodies should also override search_path.
I think this gets back to what Noah said about this section not needing
to explain all the details but rather give general guidance. I am not
sure adding the reasons for _why_ you should use search path for
SQL-standard bodies is really adding anything. Noah, is that accurate?
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
Indecision is a decision. Inaction is an action. Mark Batterson
В списке pgsql-docs по дате отправления: