Skip site navigation (1) Skip section navigation (2)

Re: search_path vs extensions

From: Greg Stark <stark(at)enterprisedb(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "David E(dot) Wheeler" <david(at)kineticode(dot)com>, Dimitri Fontaine <dfontaine(at)hi-media(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk>
Subject: Re: search_path vs extensions
Date: 2009-05-29 23:53:14
Message-ID: 4136ffa0905291653v76a9425di89a7d73cf7c43e0d@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Fri, May 29, 2009 at 11:18 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
> Good point.  But maybe there's some way of getting some kind of
> behavior that is closer to lexical scoping/early binding?  Because the
> way it works right now has lousy security implications, beyond being
> difficult for search_path management.  Assign a search path to a
> schema, that applies to views and functions defined therein?
> *brainstorming*

Well we already set search_path locally in SECURITY DEFINER functions.
Normal functions run with the credentials of the caller so that's not
an issue.

But if a SECURITY DEFINER function calls another function that other
function will inherit the credentials of the caller so it must inherit
the search path of the caller as well. So that has to be dynamically
scoped.

I'm beginning to understand why Oracle programmers are accustomed to
setting SECURITY DEFINER everywhere. I think Oracle also knows to
treat such code as lexically scoped and can bind references when
loading such code.

-- 
greg

In response to

Responses

pgsql-hackers by date

Next:From: Greg StarkDate: 2009-05-30 00:16:25
Subject: Re: search_path improvements WAS: search_path vs extensions
Previous:From: decibelDate: 2009-05-29 23:44:46
Subject: Re: Allow vacuumdb to only analyze

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group