Abusing SECURITY DEFINER functions in PostgreSQL
by Laurenz Albe | 05.2019
UPDATED August 2023: Functions defined as SECURITY DEFINER are a powerful, but dangerous tool in PostgreSQL. The documentation warns of […]
Security and PostgreSQL - a reminder on various attack surfaces
This article gives an overview of common security problems as well as ways to mitigate these risks in PostgreSQL.
pg_permissions: Inspecting your PostgreSQL security system
pg_permissions is a tool to display the security settings of your database. Get a quick overview of what's going on inside your security.
Security matters - hiding a table column - restrict column access
How to restrict column access. The best option for hiding table columns in a non-destructive way is the rule system.
Detecting fraud: Benford's law
Benford's law is a mechanism that is widely used in many fields. Accounting fraud in particular can be detected nicely using this simple law of mathematics.
Security barriers: Cheating on the planner
UPDATED Aug. 2023 - How a security barrier can theoretically be used to speed up PostgreSQL queries, and a look at how PG works under the hood.
Common security issues prior to PostgreSQL 15
UPDATED July 2023: How to avoid security issues in PostgreSQL prior to v15 due to the public schema. Repair the problem.