Commit bbdc1d23 authored by Bruce Momjian's avatar Bruce Momjian

revert "warn of SECURITY DEFINER schemas for non-sql_body funcs"

doc revert of commit 1703726488.  Change was applied to irrelevant
branches, and was not detailed enough to be helpful in relevant
branches.

Reported-by: Peter Eisentraut, Noah Misch

Discussion: https://postgr.es/m/a2dc9de4-24fc-3222-87d3-0def8057d7d8@enterprisedb.com

Backpatch-through: 10
parent f1e7f25b
...@@ -779,10 +779,7 @@ SELECT * FROM dup(42); ...@@ -779,10 +779,7 @@ SELECT * FROM dup(42);
<para> <para>
Because a <literal>SECURITY DEFINER</literal> function is executed Because a <literal>SECURITY DEFINER</literal> function is executed
with the privileges of the user that owns it, care is needed to with the privileges of the user that owns it, care is needed to
ensure that the function cannot be misused. This is particularly ensure that the function cannot be misused. For security,
important for non-<replaceable>sql_body</replaceable> functions because
their function bodies are evaluated at run-time, not creation time.
For security,
<xref linkend="guc-search-path"/> should be set to exclude any schemas <xref linkend="guc-search-path"/> should be set to exclude any schemas
writable by untrusted users. This prevents writable by untrusted users. This prevents
malicious users from creating objects (e.g., tables, functions, and malicious users from creating objects (e.g., tables, functions, and
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment