diff options
| author | Noah Misch | 2015-09-21 00:45:41 +0000 |
|---|---|---|
| committer | Pavan Deolasee | 2016-10-26 07:59:02 +0000 |
| commit | 074c2c1bb2605c1f34cf61f29c94cf2a352f6f27 (patch) | |
| tree | 06faf110dcd8daf4baf36ec47d5d74f4194d4663 /src/timezone/localtime.c | |
| parent | 46a5cfb74e863b26a131c58d3b389dd5f2bfb707 (diff) | |
Remove the row_security=force GUC value.
Every query of a single ENABLE ROW SECURITY table has two meanings, with
the row_security GUC selecting between them. With row_security=force
available, every function author would have been advised to either set
the GUC locally or test both meanings. Non-compliance would have
threatened reliability and, for SECURITY DEFINER functions, security.
Authors already face an obligation to account for search_path, and we
should not mimic that example. With this change, only BYPASSRLS roles
need exercise the aforementioned care. Back-patch to 9.5, where the
row_security GUC was introduced.
Since this narrows the domain of pg_db_role_setting.setconfig and
pg_proc.proconfig, one might bump catversion. A row_security=force
setting in one of those columns will elicit a clear message, so don't.
Diffstat (limited to 'src/timezone/localtime.c')
0 files changed, 0 insertions, 0 deletions