From: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
---|---|
To: | Jon Erdman <postgresql(at)thewickedtribe(dot)net> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: My first patch! (to \df output) |
Date: | 2012-10-27 15:45:54 |
Message-ID: | CAFj8pRBXQHfUW2KVZjGtV-jGmk6+ScN01pO6mT7fqKExEK9N2Q@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hello
2012/10/27 Jon Erdman <postgresql(at)thewickedtribe(dot)net>:
>
> Hello Hackers!
>
> So, currently the only way to see if a function is security definer or not is to directly query pg_proc. This is both irritating, and I think perhaps dangerous since security definer functions can be so powerful. I thought that rectifying that would make an excellent first patch, and I was bored today here in Prague since pgconf.eu is now over...so here it is. :)
>
> This patch adds a column to the output of \df titled "Security" with values of "definer" or "invoker" based on the boolean secdef column from pg_proc. I've also included a small doc patch to match. This patch is against master from git. Comments welcome!
>
> I just realized I didn't address regression tests, so I guess this is not actually complete yet. I should have time for that next week after I get back to the states.
>
> I would also like to start discussion about perhaps adding a couple more things to \df+, specifically function execution permissions (which are also exposed nowhere outside the catalog to my knowledge), and maybe search_path since that's related to secdef. Thoughts?
I prefer show this in \dt+ for column "Security" - and for other
functionality maybe new statement.
>
> This was actually kind of anti-climactic, since it only took about 5 minutes to make the change and get it working. Didn't really feel the way I expected it to ;)
>
:) yes, hacking is funny
Regards
Pavel
>
>
> --
> Jon T Erdman
> Postgresql Zealot
>
>
>
>
>
>
>
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers
>
From | Date | Subject | |
---|---|---|---|
Next Message | Pavel Stehule | 2012-10-27 17:23:38 | Re: proposal - assign result of query to psql variable |
Previous Message | Jon Erdman | 2012-10-27 15:30:11 | My first patch! (to \df output) |