From 70fe432102539991a750eee5b9dc71a9628a232f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Ignacio=20S=C3=A1nchez=20Lara?=
Date: Wed, 19 Aug 2015 11:20:06 +0200
Subject: [PATCH] Secured configuration access

---
 scripts-available/CDB_Conf.sql | 9 ++++++++-
 scripts-available/CDB_Groups_API.sql | 4 +++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/scripts-available/CDB_Conf.sql b/scripts-available/CDB_Conf.sql
index 73d1424..196f11d 100644
--- a/scripts-available/CDB_Conf.sql
+++ b/scripts-available/CDB_Conf.sql
@@ -1,3 +1,10 @@
+----------------------------------
+-- CONF MANAGEMENT FUNCTIONS
+--
+-- Meant to be used by superadmin user.
+-- Functions needing reading configuration should use SECURITY DEFINER.
+----------------------------------
+
 -- This will trigger NOTICE if CDB_CONF already exists
 DO LANGUAGE 'plpgsql' $$
 BEGIN
@@ -32,7 +39,7 @@ BEGIN
 EXECUTE 'select cartodb._CDB_Conf_Cache(''get'', $1) as conf;' INTO conf USING param;
 RETURN conf;
 END
-$$ LANGUAGE PLPGSQL STABLE SECURITY DEFINER;
+$$ LANGUAGE PLPGSQL STABLE;
 
 -- Single cache function allowing SD private dict usage
 CREATE OR REPLACE
diff --git a/scripts-available/CDB_Groups_API.sql b/scripts-available/CDB_Groups_API.sql
index 4a1c9bb..d36550e 100644
--- a/scripts-available/CDB_Groups_API.sql
+++ b/scripts-available/CDB_Groups_API.sql
@@ -66,6 +66,8 @@ $$ LANGUAGE 'plpythonu' VOLATILE;
 
 DO LANGUAGE 'plpgsql' $$
 BEGIN
+ -- Needed for dropping type
+ DROP FUNCTION IF EXISTS cartodb._CDB_Group_API_Conf();
 DROP TYPE IF EXISTS _CDB_Group_API_Params;
 END
 $$;
@@ -136,4 +138,4 @@ $$
 raise last_err
 
 return None
-$$ LANGUAGE 'plpythonu' VOLATILE;
+$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER;
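Review bot: Dropping `SECURITY DEFINER` on the closing line of this function only restricts configuration reads if the objects behind it are locked down as well, and nothing in this patch revokes any privilege. The body still delegates to `cartodb._CDB_Conf_Cache('get', $1)`, which the trailing comment describes as an SD-backed cache. If that function answers from its session dictionary without touching the table, or is directly executable by PUBLIC, a value cached by a privileged call earlier in the same session may stay readable by an unprivileged caller. Consider an explicit `REVOKE EXECUTE ON FUNCTION cartodb._CDB_Conf_Cache(<signature>) FROM PUBLIC;` together with a matching revoke on the configuration table, granting back only to the admin role. The function header and the cache function's body are outside the hunk, so this needs confirming against the full file.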
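Review bot: The new `DROP FUNCTION` is qualified with `cartodb.` while the `DROP TYPE` it exists to unblock is not, so the two statements can resolve against different schemas when `cartodb` is not first in the search path. Qualifying the type as well, `DROP TYPE IF EXISTS cartodb._CDB_Group_API_Params;`, keeps them aligned, assuming the type lives in that schema, which the hunk does not show. Dropping and recreating the function also discards any GRANT/REVOKE previously applied to it, so privilege statements have to run after the recreation on every upgrade.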
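Review bot: The `SECURITY DEFINER` added on the closing line carries no `SET search_path`, and EXECUTE on a function is granted to PUBLIC by default. Unless privileges are adjusted elsewhere, any role can therefore run this untrusted-language (`plpythonu`) body with the owner's rights and a caller-controlled search path. Pin the path on the same line, e.g. `$$ LANGUAGE 'plpythonu' VOLATILE SECURITY DEFINER SET search_path = cartodb, pg_temp;`, and follow the definition with `REVOKE EXECUTE ON FUNCTION <function signature> FROM PUBLIC;` plus a grant to the roles that need it. The header comment added to CDB_Conf.sql in the first hunk recommends SECURITY DEFINER without stating these conditions and would benefit from a line saying so. The function's signature and most of its body are outside the hunk, so how its arguments are used should be checked before it is exposed.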