NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit6fa66ec

committed

Assorted improvements to SECURITY DEFINER functions documentation.

Add a cross-reference from the part of the page that introdues SECURITYINVOKER and SECURITY DEFINER to the part of the page that talks aboutwriting SECURITY DEFINER functions safely, so that users are less likelyto miss it.Remove discussion of the pre-8.3 behavior on the theory that it'sprobably not very relevant any more, that release having gone out ofsupport nearly a decade ago.Add a mention of the new createrole_self_grant GUC, which incertain cases might need to be set to a safe value to avoidunexpected consequences.Possibly this section needs major surgery rather than just thesesmall tweaks, but hopefully this is at least a small stepforward.Discussion:http://postgr.es/m/CA+Tgmoauqd1cHQjsNEoxL5O-kEO4iC9dAPyCudSvmNqPJGmy9g@mail.gmail.com

1 parent3cdf750 commit6fa66ecCopy full SHA for 6fa66ec

File tree

1 file changed

+12

-6

lines changed

doc/src/sgml/ref
- create_function.sgml

1 file changed

+12

-6

lines changed

`‎doc/src/sgml/ref/create_function.sgml`

Lines changed: 12 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -411,7 +411,9 @@ CREATE [ OR REPLACE ] FUNCTION`
`411`	`411`	`is to be executed with the privileges of the user that calls it.`
`412`	`412`	`That is the default. <literal>SECURITY DEFINER</literal>`
`413`	`413`	`specifies that the function is to be executed with the`
`414`		`- privileges of the user that owns it.`
	`414`	`+ privileges of the user that owns it. For information on how to`
	`415`	`+ write <literal>SECURITY DEFINER</literal> functions safely,`
	`416`	`+ <link linkend="sql-createfunction-security">see below</link>.`
`415`	`417`	`</para>`
`416`	`418`
`417`	`419`	`<para>`
`@@ -776,6 +778,11 @@ SELECT * FROM dup(42);`
`776`	`778`	`<secondary>use in securing functions</secondary>`
`777`	`779`	`</indexterm>`
`778`	`780`
	`781`	`+ <indexterm>`
	`782`	`+ <primary><varname>createrole_self_grant</varname> configuration parameter</primary>`
	`783`	`+ <secondary>use in securing functions</secondary>`
	`784`	`+ </indexterm>`
	`785`	`+`
`779`	`786`	`<para>`
`780`	`787`	`Because a <literal>SECURITY DEFINER</literal> function is executed`
`781`	`788`	`with the privileges of the user that owns it, care is needed to`
`@@ -815,11 +822,10 @@ $$ LANGUAGE plpgsql`
`815`	`822`	`</para>`
`816`	`823`
`817`	`824`	`<para>`
`818`		`- Before <productname>PostgreSQL</productname> version 8.3, the`
`819`		`- <literal>SET</literal> clause was not available, and so older functions may`
`820`		`- contain rather complicated logic to save, set, and restore`
`821`		`- <varname>search_path</varname>. The <literal>SET</literal> clause is far easier`
`822`		`- to use for this purpose.`
	`825`	`+ If the security definer function intends to create roles, and if it`
	`826`	`+ is running as a non-superuser, <varname>createrole_self_grant</varname>`
	`827`	`+ should also be set to a known value using the <literal>SET</literal>`
	`828`	`+ clause.`
`823`	`829`	`</para>`
`824`	`830`
`825`	`831`	`<para>`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6fa66ec

File tree

1 file changed

1 file changed

`‎doc/src/sgml/ref/create_function.sgml`

0 commit comments