Re: Updates of SE-PostgreSQL 8.4devel patches (r1324)

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
Cc: Gregory Stark <stark(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org, simon(at)2ndQuadrant(dot)com
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches (r1324)
Date: 2008-12-19 17:00:41
Message-ID: 200812191700.mBJH0f223000@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

KaiGai Kohei wrote:
> Gregory Stark wrote:
> > KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> writes:
> >
> >> I didn't replace the previous implementation blindly, I have a few
> >> reasons that the current one is better than previous one.
> >>
> >> For example, if an input handler has side-effects, what is happen in
> >> the following query?
> >>
> >> SELECT 'valid_but_new_security_label'::regseclabel;
> >>
> >> It looks like a read-only query, but the input handler can insert a new
> >> tuple into pg_security. In addition, the newly inserted tuple may not
> >> be refered any more. It is a waste of spaces.
> >
> > Ooh, and how would we know when to vacuum this label?
>
> It is not necessary, because the number of security labels
> are assumed enough small.

Yep. I agree doing something like regproc makes sense:

test=> \d pg_operator
Table "pg_catalog.pg_operator"
Column | Type | Modifiers
--------------+---------+-----------
oprname | name | not null
oprnamespace | oid | not null
oprowner | oid | not null
oprkind | "char" | not null
oprcanmerge | boolean | not null
oprcanhash | boolean | not null
oprleft | oid | not null
oprright | oid | not null
oprresult | oid | not null
oprcom | oid | not null
oprnegate | oid | not null
--> oprcode | regproc | not null
--> oprrest | regproc | not null
--> oprjoin | regproc | not null

but the auto-creation of pg_security rows does make this problematic.
regproc works because it only supports pre-created pg_proc rows.

Can we support two data types, one for read-only and another for
possible creation? That is not going to work for a query like

SELECT * FROM x WHERE col != 'valid_but_new_security_label'::regseclabel;

because the cast would fail if the pg_security row doesn't exist, but
the query itself perhaps might succeed and return rows.

Can we require joins to use pg_security directly? I wish I could think
of some magic that indicated the pg_security row should be created.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Kevin Grittner 2008-12-19 17:54:18 Re: Hot standby and b-tree killed items
Previous Message Peter Eisentraut 2008-12-19 16:38:04 Re: SQL/MED compatible connection manager