Re: Loose ends after CVE-2020-14350 (extension installation hazards)

From: Chapman Flack <chap(at)anastigmatix(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Loose ends after CVE-2020-14350 (extension installation hazards)
Date: 2020-08-14 20:19:18
Lists: pgsql-hackers

On 08/14/20 15:38, Tom Lane wrote:

> (3) If the SQL syntax is really just "WITH variable value [, ...]"
> then I'm afraid we're going to have a lot of parse-ambiguity problems
> with wedging full SET syntax into that. The ability for the righthand

There is precedent in the SET command for having one general syntax
usable for any GUC, and specialized ones for a few 'special' GUCs
(search_path, client_encoding, timezone).

Maybe WITH could be done the same way, inventing some less thorny syntax
for the general case

WITH (foo = bar, baz), (quux = 42), XMLBINARY BASE64, a AS (SELECT...)

and treating just the few like XMLBINARY that appear in the standard
as having equivalent specialized productions?

The only examples of the syntax in the standard that are coming to mind
right now are those I've seen in the SQL/XML part, but I feel like I have
seen others, as if the committee kind of likes their WITH local-setting-
of-something syntax, and additional examples may continue to appear.

