Re: DROP TABLE can be issued by schema owner as well as table owner

Поиск
Список
Период
Сортировка
От Derrick Rice
Тема Re: DROP TABLE can be issued by schema owner as well as table owner
Дата
Msg-id BANLkTimfjeEE-2EVnghk0HPynMNvMpMFmQ@mail.gmail.com
обсуждение исходный текст
Ответ на Re: DROP TABLE can be issued by schema owner as well as table owner  (Guillaume Lelarge <guillaume@lelarge.info>)
Ответы Re: DROP TABLE can be issued by schema owner as well as table owner  (Alvaro Herrera <alvherre@commandprompt.com>)
Список pgsql-docs
Дерево обсуждения


On Fri, May 20, 2011 at 12:18 PM, Guillaume Lelarge <guillaume@lelarge.info> wrote:
Well, for a specific object, any superuser, the database owner, the
schema owner, and the object owner could drop the object. This is not a
vulnerability.

It is not documented clearly.  Any information not made clear is an opportunity for an error which leads to a vulnerability.

It is not a vulnerability in postgresql itself.  It is a vulnerability in an ill-designed system, which can come about due to misinformation / lack of clarity.

Putting your first sentence ("For a specific object, any superuser, the database owner, the schema owner, and the object owner could drop the object.") in the documentation would remove the opportunity for error.

В списке pgsql-docs по дате отправления:

Предыдущее
От: Guillaume Lelarge
Дата:
Сообщение: Re: DROP TABLE can be issued by schema owner as well as table owner
Следующее
От: Alvaro Herrera
Дата:
Сообщение: Re: DROP TABLE can be issued by schema owner as well as table owner