Of course you can still sort of see the SQL used in functions declared
SECURITY DEFINER, using debug_print_parse, but this would be opening
up a much more transparent way to do it.
Do I need to worry about this?
Dean
----------------------------------------
> Date: Wed, 9 Jul 2008 14:22:45 +0300
> From: markokr@gmail.com
> To: itagaki.takahiro@oss.ntt.co.jp
> Subject: Re: [HACKERS] Auto-explain patch
> CC: dean_rasheed@hotmail.com; simon@2ndquadrant.com; pgsql-hackers@postgresql.org
>
> On 7/9/08, ITAGAKI Takahiro wrote:
>> Dean Rasheed wrote:
>>> * client_sql_trace = on | off - settable by a normal user to allow a
>> > client session to see the sql_trace output. If this parameter is on,
>> > the sql_trace will be logged as NOTICE output.
>>
>>
>> In terms of security, is it ok to show normal users SQLs used in functions
>> that are owned by other users? Users can call not-owned functions only if
>> they have EXECUTE privilege on them. -- presently we can see function
>> bodies from pg_proc.prosrc freely, though.
>
> Different owner is not a problem, but SECURITY DEFINER may be.
>
> That can be solved by turning the setting off on entry to such function,
> by non-superuser. Like we handle search_path.
>
> --
> marko
_________________________________________________________________
Find the best and worst places on the planet
http://clk.atdmt.com/UKM/go/101719807/direct/01/