Re: Advisory on possibly insecure security definer functions
From | Merlin Moncure |
---|---|
Subject | Re: Advisory on possibly insecure security definer functions |
Date | |
Msg-id | b42b73150702140731j536c449cn2e575de395910d1@mail.gmail.com |
In response to | Advisory on possibly insecure security definer functions (Peter Eisentraut <peter_e@gmx.net>) |
Responses | Re: Advisory on possibly insecure security definer functions |
List | pgsql-general |

On 2/13/07, Peter Eisentraut <peter_e@gmx.net> wrote:
> The proper fix for this problem is to insert explicit SET search_path
> commands into each affected function to produce a known safe schema
> search path. Note that using the default search path, which includes a
> reference to the "$user" schema, is not safe when unqualified
> references are intended to be found in the "public" schema and "$user"
> schemas exist or can be created by other users. It is also not
> recommended to rely on rigorously schema-qualifying all function and
> operator invocations in function source texts, as such measures are
> likely to induce mistakes and will furthermore make the source code
> harder to read and maintain.

Could you clarify what functions are going to get an explicit 'set search_path'? Will this change the behavior of any userland functions?

merlin
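
The fix described in the quoted advisory, shown as an added example that is not part of the original message or of the advisory: a SECURITY DEFINER function without and with a pinned search path, followed by a catalog query that lists the functions still lacking one. The schema, table and function names are hypothetical, and the example assumes a PostgreSQL release that supports the function-level `SET` clause and the `pg_proc.proconfig` column (8.3 and later, with `unnest` from 8.4), which postdates this thread.

```sql
-- Constructed objects for the example (hypothetical names).
CREATE SCHEMA admin;
CREATE TABLE admin.pwds (username text PRIMARY KEY, pwd text NOT NULL);

-- Weak form: "pwds" and the "=" operator are unqualified, so they are
-- resolved through whatever search_path the calling session has set,
-- while the body runs with the privileges of the function owner.
CREATE FUNCTION admin.check_password_weak(uname text, pass text)
RETURNS boolean AS $$
BEGIN
    RETURN EXISTS (SELECT 1 FROM pwds
                   WHERE username = uname AND pwd = pass);
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

-- Hardened form: the function carries its own known safe search path.
-- Trusted schema first, pg_temp listed explicitly and last so that it
-- is not searched ahead of the trusted schema. The caller's setting is
-- restored automatically when the function returns.
CREATE FUNCTION admin.check_password(uname text, pass text)
RETURNS boolean AS $$
BEGIN
    RETURN EXISTS (SELECT 1 FROM pwds
                   WHERE username = uname AND pwd = pass);
END;
$$ LANGUAGE plpgsql SECURITY DEFINER
   SET search_path = admin, pg_temp;

-- Audit: SECURITY DEFINER functions with no search_path entry in their
-- per-function configuration. Here it returns check_password_weak only.
SELECT n.nspname                  AS schema_name,
       p.proname                  AS function_name,
       pg_get_userbyid(p.proowner) AS owner_name
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(coalesce(p.proconfig, '{}'::text[])) AS cfg
        WHERE split_part(cfg, '=', 1) = 'search_path')
ORDER BY 1, 2;
```

The audit query only reports the absence of a function-level setting; a function that issues `SET search_path` inside its body, as the advisory words it, would still be listed and has to be reviewed by reading its source.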