From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Noah Misch <noah(at)leadboat(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: public schema default ACL |
Date: | 2018-03-07 14:44:50 |
Message-ID: | 19853.1520433890@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> writes:
> Now, maybe the idea of creating it as soon as a connection is
> established is not great. What about creating it only when the first
> object creation is attempted and there is no other schema to create in?
> This avoid pointless proliferation of empty user schemas, as well as
> avoid the overhead of checking existence of schem $user on each
> connection.
Hmm. On first glance that sounds bizarre, but we do something pretty
similar for the pg_temp schemas, so it could likely be made to work.
One issue to think about is exactly which $user we intend to make the
schema for, if we've executed SET SESSION AUTHORIZATION, or are inside
a SECURITY DEFINER function, etc etc. I'd argue that only the original
connection username should get this treatment, which may mean that object
creation can fail in those contexts.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | David Steele | 2018-03-07 14:46:41 | Re: Re: [PATCH] GET DIAGNOSTICS FUNCTION_NAME |
Previous Message | David Steele | 2018-03-07 14:41:29 | Re: [HACKERS] Subscription code improvements |