
Re: Proposal for 2.0: SODA 2.0



Chris Travers wrote:
I am going to make another suggestion here.  We should probably
suggest that no reporting functions should run as security definer.
This allows the same data to be accessed relationally as would be
retrieved by the function.

I'd like to see the project go one step further and declare that no read-access functions should run as SECURITY DEFINER, only write-access functions.

I can't think of any real-world example I've ever run into where column-level permission granularity couldn't solve this. (Well, except for really badly-designed databases that needed, effectively, row-level security!)

And there shouldn't be any functions that both read and write (I think).

--
-Adam Thompson
 <..hidden..>
 (204) 291-7950
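
The split discussed in this message, as an added example that is not part of the original post or the project's code: read access comes from column-level grants with a reporting function that runs with the caller's rights, and only the write path is SECURITY DEFINER. It assumes PostgreSQL; the table, role and function names are hypothetical.

```sql
-- Constructed schema: all table, role and function names are hypothetical.
CREATE ROLE report_reader NOLOGIN;
CREATE ROLE entry_clerk   NOLOGIN;

CREATE TABLE customer (
    id      serial  PRIMARY KEY,
    name    text    NOT NULL,
    balance numeric NOT NULL DEFAULT 0,
    tax_id  text                -- sensitive: never granted to report_reader
);
REVOKE ALL ON customer FROM PUBLIC;

-- Read access: a column-level grant, no SECURITY DEFINER involved.
GRANT SELECT (id, name, balance) ON customer TO report_reader;

-- Reporting function runs as the caller (SECURITY INVOKER is the default),
-- so it can return only what the caller could SELECT relationally.
CREATE FUNCTION customer_balances()
RETURNS TABLE (id int, name text, balance numeric)
LANGUAGE sql STABLE SECURITY INVOKER
AS $$
    SELECT c.id, c.name, c.balance FROM customer c ORDER BY c.name;
$$;

-- Write access: callers hold no INSERT/UPDATE on the table; the function
-- carries the privilege of its owner (assumed here to own the table).
-- It writes only and returns nothing, so it is not also a read path.
CREATE FUNCTION customer_adjust_balance(in_id int, in_delta numeric)
RETURNS void
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = public, pg_temp   -- pin name resolution for definer code
AS $$
BEGIN
    UPDATE customer SET balance = balance + in_delta WHERE id = in_id;
    IF NOT FOUND THEN
        RAISE EXCEPTION 'no customer with id %', in_id;
    END IF;
END;
$$;

-- Functions are executable by PUBLIC by default; restrict the definer one.
REVOKE ALL ON FUNCTION customer_adjust_balance(int, numeric) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION customer_adjust_balance(int, numeric) TO entry_clerk;

-- As report_reader: SELECT * FROM customer_balances();  -- allowed
--                   SELECT tax_id FROM customer;        -- permission denied
```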