From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
Cc: | Gregory Stark <stark(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, pgsql-hackers(at)postgresql(dot)org, simon(at)2ndQuadrant(dot)com |
Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1324) |
Date: | 2008-12-19 17:00:41 |
Message-ID: | 200812191700.mBJH0f223000@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
KaiGai Kohei wrote:
> Gregory Stark wrote:
> > KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> writes:
> >
> >> I didn't replace the previous implementation blindly, I have a few
> >> reasons that the current one is better than previous one.
> >>
> >> For example, if an input handler has side-effects, what is happen in
> >> the following query?
> >>
> >> SELECT 'valid_but_new_security_label'::regseclabel;
> >>
> >> It looks like a read-only query, but the input handler can insert a new
> >> tuple into pg_security. In addition, the newly inserted tuple may not
> >> be refered any more. It is a waste of spaces.
> >
> > Ooh, and how would we know when to vacuum this label?
>
> It is not necessary, because the number of security labels
> are assumed enough small.
Yep. I agree doing something like regproc makes sense:
test=> \d pg_operator
Table "pg_catalog.pg_operator"
Column | Type | Modifiers
--------------+---------+-----------
oprname | name | not null
oprnamespace | oid | not null
oprowner | oid | not null
oprkind | "char" | not null
oprcanmerge | boolean | not null
oprcanhash | boolean | not null
oprleft | oid | not null
oprright | oid | not null
oprresult | oid | not null
oprcom | oid | not null
oprnegate | oid | not null
--> oprcode | regproc | not null
--> oprrest | regproc | not null
--> oprjoin | regproc | not null
but the auto-creation of pg_security rows does make this problematic.
regproc works because it only supports pre-created pg_proc rows.
Can we support two data types, one for read-only and another for
possible creation? That is not going to work for a query like
SELECT * FROM x WHERE col != 'valid_but_new_security_label'::regseclabel;
because the cast would fail if the pg_security row doesn't exist, but
the query itself perhaps might succeed and return rows.
Can we require joins to use pg_security directly? I wish I could think
of some magic that indicated the pg_security row should be created.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
From | Date | Subject | |
---|---|---|---|
Next Message | Kevin Grittner | 2008-12-19 17:54:18 | Re: Hot standby and b-tree killed items |
Previous Message | Peter Eisentraut | 2008-12-19 16:38:04 | Re: SQL/MED compatible connection manager |