| From: | Nico Williams <nico(at)cryptonector(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: proposal: schema variables |
| Date: | 2017-11-02 15:35:07 |
| Message-ID: | 20171102153505.GP4496@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Nov 02, 2017 at 06:05:54PM +0530, Robert Haas wrote:
> On Thu, Oct 26, 2017 at 12:51 PM, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> wrote:
> > The variables can be modified by SQL command SET (this is taken from
> > standard, and it natural)
> >
> > SET varname = expression;
>
> Overloading SET to handle both variables and GUCs seems likely to
> create problems, possibly including security problems. For example,
> maybe a security-definer function could leave behind variables to
> trick the calling code into failing to set GUCs that it intended to
> set. Or maybe creating a variable at the wrong time will just break
> things randomly.
That's already true of GUCs, since there are no access controls on
set_config()/current_setting().
Presumably "schema variables" would really just be GUC-like and not at
all like lexically scoped variables. And also subject to access
controls, thus an overall improvement on set_config()/current_setting().
With access controls, GUCs could become schema variables, and settings
from postgresql.conf could move into the database itself (which I think
would be nice).
Nico
--
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2017-11-02 15:40:36 | Re: proposal: schema variables |
| Previous Message | Craig Ringer | 2017-11-02 15:33:31 | Re: Client Connection redirection support for PostgreSQL |