Commit95d951b

committed

revert "warn of SECURITY DEFINER schemas for non-sql_body funcs"

doc revert of commit1703726. Change was applied to irrelevantbranches, and was not detailed enough to be helpful in relevantbranches.Reported-by: Peter Eisentraut, Noah MischDiscussion:https://postgr.es/m/a2dc9de4-24fc-3222-87d3-0def8057d7d8@enterprisedb.comBackpatch-through: 10

1 parent84f8e40 commit95d951bCopy full SHA for 95d951b

File tree

-4

lines changed

-4

lines changed

Lines changed: 1 addition & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -729,10 +729,7 @@ SELECT * FROM dup(42);`
`729`	`729`	`<para>`
`730`	`730`	`Because a <literal>SECURITY DEFINER</literal> function is executed`
`731`	`731`	`with the privileges of the user that owns it, care is needed to`
`732`		`- ensure that the function cannot be misused. This is particularly`
`733`		`- important for non-<replaceable>sql_body</replaceable> functions because`
`734`		`- their function bodies are evaluated at run-time, not creation time.`
`735`		`- For security,`
	`732`	`+ ensure that the function cannot be misused. For security,`
`736`	`733`	`<xref linkend="guc-search-path"/> should be set to exclude any schemas`
`737`	`734`	`writable by untrusted users. This prevents`
`738`	`735`	`malicious users from creating objects (e.g., tables, functions, and`

Comments

(0)