May 2018
Intermediate to advanced
576 pages
30h 25m
English
When a function defined with SECURITY DEFINER is called, PostgreSQL switches the session's rights to those of the user who defined the function for as long as that function is executing.
So, when bob executes the copy_from(tablename, filepath) function, bob is effectively promoted to superuser for the time the function is running.
This behavior is similar to the setuid flag on Unix systems, where a program that anybody with execute access can run executes with the rights of its owner. It carries similar risks.
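The risks are the same ones a setuid binary has: callers influence what the privileged code resolves and does, and too many callers are allowed to run it. As an added example that is not from the book (which does not show the body of copy_from), the definition below gives the function a hardened shape; the function body, the import directory and the grant to the role bob are assumptions.

```sql
-- Added example, not the book's code. Assumed: the function owner is a
-- superuser, bob is the caller, and tablename is an unqualified table name.

-- 1. Pin search_path so the body only resolves objects in pg_catalog and the
--    session's temp schema, not a same-named object a caller placed earlier
--    on their own search_path.
CREATE OR REPLACE FUNCTION copy_from(tablename text, filepath text)
RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
DECLARE
    -- Assumed location; only files under this directory may be loaded.
    allowed_dir CONSTANT text := '/var/lib/postgresql/import/';
BEGIN
    -- 2. Accept only paths inside the import directory and refuse traversal.
    IF filepath NOT LIKE allowed_dir || '%' OR filepath LIKE '%..%' THEN
        RAISE EXCEPTION 'copy_from: path % is outside %', filepath, allowed_dir
            USING ERRCODE = 'insufficient_privilege';
    END IF;

    -- 3. Quote the table name as an identifier (%I) and the path as a
    --    literal (%L), so neither argument can change the statement that
    --    runs with the owner's rights.
    EXECUTE format('COPY %I FROM %L', tablename, filepath);
END;
$$;

-- 4. Functions are executable by PUBLIC by default; withdraw that and grant
--    execution only to the role that needs it.
REVOKE EXECUTE ON FUNCTION copy_from(text, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION copy_from(text, text) TO bob;
```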