Skip to content

Commit 1703726

Browse files
bmomjianbmomjian
committed
doc: warn of SECURITY DEFINER schemas for non-sql_body functions
Non-sql_body functions are evaluated at runtime. Reported-by: Erki Eessaar Discussion: https://postgr.es/m/AM9PR01MB8268BF5E74E119828251FD34FE409@AM9PR01MB8268.eurprd01.prod.exchangelabs.com Backpatch-through: 10
1 parent a009cb3 commit 1703726

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

doc/src/sgml/ref/create_function.sgml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -779,7 +779,10 @@ SELECT * FROM dup(42);
779779
<para>
780780
Because a <literal>SECURITY DEFINER</literal> function is executed
781781
with the privileges of the user that owns it, care is needed to
782-
ensure that the function cannot be misused. For security,
782+
ensure that the function cannot be misused. This is particularly
783+
important for non-<replaceable>sql_body</replaceable> functions because
784+
their function bodies are evaluated at run-time, not creation time.
785+
For security,
783786
<xref linkend="guc-search-path"/> should be set to exclude any schemas
784787
writable by untrusted users. This prevents
785788
malicious users from creating objects (e.g., tables, functions, and

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy