Commitb6fe152

committed

doc: warn of SECURITY DEFINER schemas for non-sql_body functions

Non-sql_body functions are evaluated at runtime.Reported-by: Erki EessaarDiscussion:https://postgr.es/m/AM9PR01MB8268BF5E74E119828251FD34FE409@AM9PR01MB8268.eurprd01.prod.exchangelabs.comBackpatch-through: 10

1 parentc7dbe90 commitb6fe152Copy full SHA for b6fe152

File tree

-1

lines changed

-1

lines changed

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -729,7 +729,10 @@ SELECT * FROM dup(42);`
`729`	`729`	`<para>`
`730`	`730`	`Because a <literal>SECURITY DEFINER</literal> function is executed`
`731`	`731`	`with the privileges of the user that owns it, care is needed to`
`732`		`- ensure that the function cannot be misused. For security,`
	`732`	`+ ensure that the function cannot be misused. This is particularly`
	`733`	`+ important for non-<replaceable>sql_body</replaceable> functions because`
	`734`	`+ their function bodies are evaluated at run-time, not creation time.`
	`735`	`+ For security,`
`733`	`736`	`<xref linkend="guc-search-path"/> should be set to exclude any schemas`
`734`	`737`	`writable by untrusted users. This prevents`
`735`	`738`	`malicious users from creating objects (e.g., tables, functions, and`

Comments

(0)