Commitf77becb

committed

revert "warn of SECURITY DEFINER schemas for non-sql_body funcs"

doc revert of commit1703726. Change was applied to irrelevantbranches, and was not detailed enough to be helpful in relevantbranches.Reported-by: Peter Eisentraut, Noah MischDiscussion:https://postgr.es/m/a2dc9de4-24fc-3222-87d3-0def8057d7d8@enterprisedb.comBackpatch-through: 10

1 parent0937f6d commitf77becbCopy full SHA for f77becb

File tree

-4

lines changed

-4

lines changed

Lines changed: 1 addition & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -779,10 +779,7 @@ SELECT * FROM dup(42);`
`779`	`779`	`<para>`
`780`	`780`	`Because a <literal>SECURITY DEFINER</literal> function is executed`
`781`	`781`	`with the privileges of the user that owns it, care is needed to`
`782`		`- ensure that the function cannot be misused. This is particularly`
`783`		`- important for non-<replaceable>sql_body</replaceable> functions because`
`784`		`- their function bodies are evaluated at run-time, not creation time.`
`785`		`- For security,`
	`782`	`+ ensure that the function cannot be misused. For security,`
`786`	`783`	`<xref linkend="guc-search-path"/> should be set to exclude any schemas`
`787`	`784`	`writable by untrusted users. This prevents`
`788`	`785`	`malicious users from creating objects (e.g., tables, functions, and`

Comments

(0)