diff --git a/deploy/encrypt_password.sql b/deploy/encrypt_password.sql
index cd20790..937d493 100644
--- a/deploy/encrypt_password.sql
+++ b/deploy/encrypt_password.sql
@@ -21,6 +21,8 @@ language plpgsql;
 comment on function encrypt_password() is 'Encrypts and salts the input password with the blowfish encryption algorithm';
+revoke execute on function encrypt_password() from public;
+
 create trigger encrypt_password before insert or update on "user"
diff --git a/deploy/ensure_role_exists.sql b/deploy/ensure_role_exists.sql
index 2b48e36..cd50fc3 100644
--- a/deploy/ensure_role_exists.sql
+++ b/deploy/ensure_role_exists.sql
@@ -20,6 +20,8 @@ language plpgsql;
 comment on function ensure_role_exists() is 'Makes sure that a role given to a user is a valid, existing role in the cluster.';
+revoke execute on function ensure_role_exists() from public;
+
 create trigger ensure_role_exists after insert or update on "user"
diff --git a/deploy/find_user_role.sql b/deploy/find_user_role.sql
index 90ff583..81fb0f9 100644
--- a/deploy/find_user_role.sql
+++ b/deploy/find_user_role.sql
@@ -21,4 +21,6 @@ stable;
 comment on function find_user_role(email, text) is 'Return the database role assigned to the user with the given email and password';
+revoke execute on function find_user_role(email, text) from public;
+
 commit;
diff --git a/deploy/login.sql b/deploy/login.sql
index a0928d5..54e5677 100644
--- a/deploy/login.sql
+++ b/deploy/login.sql
@@ -28,6 +28,7 @@ security definer;
 comment on function login(email, text) is 'Checks that the email and password pair is valid and returns the user’s databasse role.';
+revoke execute on function login(email, text) from public;
 grant execute on function login(email, text) to guest;
 commit;
diff --git a/deploy/schema_public.sql b/deploy/schema_public.sql
index dee047f..2b2a2e5 100644
--- a/deploy/schema_public.sql
+++ b/deploy/schema_public.sql
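Review bot: The revoke added in deploy/encrypt_password.sql (and the identical one in deploy/ensure_role_exists.sql) targets a trigger function, where EXECUTE does less than the line suggests: as far as I know PostgreSQL checks it when a trigger is created, not when it fires, and a trigger function cannot be called directly. That is fine as hardening, but a short comment would stop a reader from assuming it restricts who can write to "user", for example `-- trigger function: EXECUTE is only checked at CREATE TRIGGER time; the revoke keeps other roles from attaching it`. Both function bodies start above their hunks.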
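Review bot: After the revoke in deploy/find_user_role.sql no role is granted EXECUTE, so only the owner and superusers can call find_user_role(email, text); unlike login.sql there is no follow-up `grant`. That is presumably intended, with the `security definer` login() as the only caller, but the hunk does not say so. A comment such as `-- internal helper: reached only through login(), which runs as its owner` would record the intent. The function body starts above the hunk.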
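Review bot: In deploy/login.sql this revoke/grant pair is now the only thing deciding who may call a `security definer` function, and nothing visible in the commit verifies the result. If the project has verify scripts, one could assert that `has_function_privilege('public', 'login(email, text)', 'execute')` is false and that the same call for `guest` is true. The function definition starts above the hunk, so I cannot see whether it pins `search_path`; if it does not, adding a `set search_path` clause to the definition is the usual companion hardening for a definer-rights function that `guest` can reach.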
@@ -6,8 +6,6 @@ begin;
 revoke create on schema public from public;
 revoke usage on schema public from public;
-alter default privileges revoke execute on functions from public;
-
 grant usage on schema public to guest;
 grant usage on schema public to invoicer;
 grant usage on schema public to admin;
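Review bot: Dropping `alter default privileges revoke execute on functions from public;` makes function access fail-open: PostgreSQL grants EXECUTE to PUBLIC on every newly created function, so any later deploy script that omits its own `revoke` (including a `security definer` one like login) is callable by every role. The per-function revokes added in the other files are worth having, but they cover only the four functions that exist today. Consider keeping the default-privileges statement alongside them; it only affects functions created by the role that ran it, so it should run as the role that owns the migrations. An `in schema public` variant would not help, because per-schema default privileges cannot revoke what the global default grants.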