0

I was reading about possible security issues when creating functions in Postgres with "security definer". Official documentation suggests that search_path is set to some trusted schema followed by pg_temp. All examples I could find had pg_temp at the end. Do I have to put pg_temp at the end, what would happen if set search_path only to the trusted schema? Would it open any security holes? And why would you put pg_temp in search_path anyway?

asked Mar 23, 2020 at 23:49

1 Answer 1

2

pg_temp is always in the search path. If you don't add it to search_path parameter explicitly, it will behave as if it were there at the beginning of the setting. That means the user could create tables which masked the ones the function was supposed to operate on.

answered Mar 24, 2020 at 2:01
2
  • I have tried calling function which was in pg_temp but not in the trusted schema and got an error that function not found Commented Mar 24, 2020 at 8:24
  • "However, the temporary schema is only searched for relation (table, view, sequence, etc)" I see Commented Mar 24, 2020 at 8:30

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.