Why include `pg_temp` in `search_path` at all when using SECURITY DEFINER?

The docs recommend setting pg_temp as the last entry in search_path.

Why not leave it out of the list altogether? Would this accomplish the same?



Solution 1:[1]

The explanation is right in the documentation you reference:

> Particularly important in this regard is the temporary-table schema, which is searched first by default, and is normally writable by anyone.

So if you don't put pg_temp on the search_path explicitly, it gets implicitly put first on the path. That means that any temporary table (or view) that a user created manually before calling the SECURITY DEFINER function will be taken if the function uses that table name without an explicit schema qualification. So you could make the function read or write your table instead of the one it meant to use.

It is clear why that is a security problem, right?
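The resolution order described above, as an added example that is not part of the original answer: two otherwise identical functions, one with `pg_temp` omitted from `search_path` and one with it listed last, followed by a catalog query that lists SECURITY DEFINER functions whose configured `search_path` does not end in `pg_temp`. The schema `app`, the table `limits` and the function names are hypothetical, and the demo assumes it is run in one session by a single role.

```sql
-- Constructed demo objects: app, app.limits and get_limit_* are hypothetical names.
CREATE SCHEMA app;
CREATE TABLE app.limits (name text PRIMARY KEY, value int);
INSERT INTO app.limits VALUES ('max_rows', 100);

-- pg_temp is not listed, so it is still searched: implicitly, and first.
CREATE FUNCTION app.get_limit_implicit(p_name text) RETURNS int
LANGUAGE sql SECURITY DEFINER
SET search_path = app
AS $$ SELECT value FROM limits WHERE name = p_name $$;

-- pg_temp is listed last, so temporary objects are consulted only after app.
CREATE FUNCTION app.get_limit_pinned(p_name text) RETURNS int
LANGUAGE sql SECURITY DEFINER
SET search_path = app, pg_temp
AS $$ SELECT value FROM limits WHERE name = p_name $$;

-- A session-local temporary table that reuses the unqualified name "limits".
CREATE TEMP TABLE limits (name text, value int);
INSERT INTO limits VALUES ('max_rows', 999999);

-- Unqualified "limits" resolves to the temporary table here ...
SELECT app.get_limit_implicit('max_rows');
-- ... and to app.limits here, because app precedes pg_temp on the path.
SELECT app.get_limit_pinned('max_rows');

-- Audit: SECURITY DEFINER functions with no search_path setting at all,
-- or with one whose last entry is not pg_temp (optionally double-quoted).
SELECT p.oid::regprocedure AS function,
       pg_get_userbyid(p.proowner) AS owner,
       p.proconfig
FROM pg_proc AS p
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(p.proconfig) AS c
        WHERE c ~ '^search_path=(.*[ ,])?"?pg_temp"?\s*$'
      )
ORDER BY 1;

-- Clean up the constructed objects.
DROP TABLE pg_temp.limits;
DROP SCHEMA app CASCADE;
```

Schema-qualifying every table reference inside the function body (`app.limits`) removes the dependence on the path for tables, but the `SET search_path` clause is still needed for unqualified functions and operators.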

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Laurenz Albe