On Fri, Feb 19, 2021 at 4:21 PM Tom Lane wrote:
>
> Yeah, that would be slightly safer. If the public schema is
> world-writable, though, you're in big trouble anyway ...
>
>
Sorry, you lost me with the last sentence. My scenario is that public
_isn't_ world-writable. But everyone can set thei
Ken Tanzer writes:
> One thing about the search path though, regarding pg_temp. If I add a
> SET search_path = public;
> Do I need instead to specify "public, pg_temp" to prevent it from being
> (silently) at the beginning?
Yeah, that would be slightly safer. If the public schema is
world-writa
On Fri, Feb 19, 2021 at 3:22 PM Tom Lane wrote:
> Ken Tanzer writes:
> > On Thu, Feb 18, 2021 at 8:44 PM Tom Lane wrote:
> >> There was a security change to pg_dump a few years ago to make it
> >> put "set search_path = pg_catalog" into the dump script. This
> >> basically means that any user-
Ken Tanzer writes:
> On Thu, Feb 18, 2021 at 8:44 PM Tom Lane wrote:
>> There was a security change to pg_dump a few years ago to make it
>> put "set search_path = pg_catalog" into the dump script. This
>> basically means that any user-defined function in indexes, check
>> constraints, etc is on
On Thu, Feb 18, 2021 at 8:44 PM Tom Lane wrote:
> Ken Tanzer writes:
> > I'm not sure what you mean or are suggesting by that. Is there something
> > I'm supposed to do to set the search path? Is that a known bug in
> > pg_dump? Something else? As mentioned, there is only one schema
>
>
Ken Tanzer writes:
> I'm not sure what you mean or are suggesting by that. Is there something
> I'm supposed to do to set the search path? Is that a known bug in
> pg_dump? Something else? As mentioned, there is only one schema
There was a security change to pg_dump a few years ago to mak
> On Feb 18, 2021, at 8:00 PM, Ken Tanzer wrote:
>
>
>
>
>> On Thu, Feb 18, 2021 at 5:23 PM Rob Sargent wrote:
>>
>> >
>> > There is only one schema, public.
>> >
>> >
>>
>> I suspect it is because "set role" doesn't "set search_path"
>>
>>
> I'm not sure what you mean or are sugges
On Thu, Feb 18, 2021 at 5:23 PM Rob Sargent wrote:
>
> >
> > There is only one schema, public.
> >
> >
>
> I suspect it is because "set role" doesn't "set search_path"
>
>
> I'm not sure what you mean or are suggesting by that. Is there something
I'm supposed to do to set the search path? Is th
On 2/18/21 6:18 PM, Ken Tanzer wrote:
Hi. I'm trying to do a data dump with pg_dump using RLS and --set-role,
but am getting an error, and I'm not understanding why. With this
command, run as postgres:
pg_dump -p 5433 -O --role=rcafe_TACOMA --enable-row-security
--column-inserts -a -f ~/a
