Skip to content

Commit f77becb

Browse files
bmomjianbmomjian
committed
revert "warn of SECURITY DEFINER schemas for non-sql_body funcs"
doc revert of commit 1703726. Change was applied to irrelevant branches, and was not detailed enough to be helpful in relevant branches. Reported-by: Peter Eisentraut, Noah Misch Discussion: https://postgr.es/m/a2dc9de4-24fc-3222-87d3-0def8057d7d8@enterprisedb.com Backpatch-through: 10
1 parent 0937f6d commit f77becb

File tree

1 file changed

+1
-4
lines changed

1 file changed

+1
-4
lines changed

doc/src/sgml/ref/create_function.sgml

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -779,10 +779,7 @@ SELECT * FROM dup(42);
779779
<para>
780780
Because a <literal>SECURITY DEFINER</literal> function is executed
781781
with the privileges of the user that owns it, care is needed to
782-
ensure that the function cannot be misused. This is particularly
783-
important for non-<replaceable>sql_body</replaceable> functions because
784-
their function bodies are evaluated at run-time, not creation time.
785-
For security,
782+
ensure that the function cannot be misused. For security,
786783
<xref linkend="guc-search-path"/> should be set to exclude any schemas
787784
writable by untrusted users. This prevents
788785
malicious users from creating objects (e.g., tables, functions, and

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy