| From: | Greg Stark <stark(at)enterprisedb(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "David E(dot) Wheeler" <david(at)kineticode(dot)com>, Dimitri Fontaine <dfontaine(at)hi-media(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> |
| Subject: | Re: search_path vs extensions |
| Date: | 2009-05-29 23:53:14 |
| Message-ID: | 4136ffa0905291653v76a9425di89a7d73cf7c43e0d@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, May 29, 2009 at 11:18 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
> Good point. But maybe there's some way of getting some kind of
> behavior that is closer to lexical scoping/early binding? Because the
> way it works right now has lousy security implications, beyond being
> difficult for search_path management. Assign a search path to a
> schema, that applies to views and functions defined therein?
> *brainstorming*
Well we already set search_path locally in SECURITY DEFINER functions.
Normal functions run with the credentials of the caller so that's not
an issue.
But if a SECURITY DEFINER function calls another function that other
function will inherit the credentials of the caller so it must inherit
the search path of the caller as well. So that has to be dynamically
scoped.
I'm beginning to understand why Oracle programmers are accustomed to
setting SECURITY DEFINER everywhere. I think Oracle also knows to
treat such code as lexically scoped and can bind references when
loading such code.
--
greg
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Stark | 2009-05-30 00:16:25 | Re: search_path improvements WAS: search_path vs extensions |
| Previous Message | decibel | 2009-05-29 23:44:46 | Re: Allow vacuumdb to only analyze |