[postgis-tickets] [PostGIS] #2258: ST_Estimated_Extent assumes postgis is installed in public
PostGIS
trac at osgeo.org
Wed Apr 3 10:27:28 PDT 2013
#2258: ST_Estimated_Extent assumes postgis is installed in public
-----------------------------------+----------------------------------------
Reporter: robe | Owner: strk
Type: defect | Status: new
Priority: blocker | Milestone: PostGIS 2.1.0
Component: build/upgrade/install | Version: trunk
Keywords: |
-----------------------------------+----------------------------------------
Comment(by robe):
strk,
How about we just take off the SECURITY DEFINER off this function and also
remove public.
The ST_EstimatedExtent function already has SECURITY DEFINER on it, so
anyone running a hacked function will only do as much harm as they are
allowed, and the right function will continue to use the elevated
privileges of the definer.
--
Ticket URL: <http://trac.osgeo.org/postgis/ticket/2258#comment:4>
PostGIS <http://trac.osgeo.org/postgis/>
The PostGIS Trac is used for bug, enhancement & task tracking, a user and developer wiki, and a view into the subversion code repository of PostGIS project.
More information about the postgis-tickets
mailing list