Commit1703726

committed

doc: warn of SECURITY DEFINER schemas for non-sql_body functions

Non-sql_body functions are evaluated at runtime.Reported-by: Erki EessaarDiscussion:https://postgr.es/m/AM9PR01MB8268BF5E74E119828251FD34FE409@AM9PR01MB8268.eurprd01.prod.exchangelabs.comBackpatch-through: 10

1 parenta009cb3 commit1703726Copy full SHA for 1703726

File tree

-1

lines changed

-1

lines changed

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -779,7 +779,10 @@ SELECT * FROM dup(42);`
`779`	`779`	`<para>`
`780`	`780`	`Because a <literal>SECURITY DEFINER</literal> function is executed`
`781`	`781`	`with the privileges of the user that owns it, care is needed to`
`782`		`- ensure that the function cannot be misused. For security,`
	`782`	`+ ensure that the function cannot be misused. This is particularly`
	`783`	`+ important for non-<replaceable>sql_body</replaceable> functions because`
	`784`	`+ their function bodies are evaluated at run-time, not creation time.`
	`785`	`+ For security,`
`783`	`786`	`<xref linkend="guc-search-path"/> should be set to exclude any schemas`
`784`	`787`	`writable by untrusted users. This prevents`
`785`	`788`	`malicious users from creating objects (e.g., tables, functions, and`

Comments

(0)