Skip site navigation (1) Skip section navigation (2)

Re: search_path vs extensions

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Greg Stark <stark(at)enterprisedb(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "David E(dot) Wheeler" <david(at)kineticode(dot)com>, Dimitri Fontaine <dfontaine(at)hi-media(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk>
Subject: Re: search_path vs extensions
Date: 2009-05-30 01:15:37
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
On Fri, May 29, 2009 at 7:53 PM, Greg Stark <stark(at)enterprisedb(dot)com> wrote:
> On Fri, May 29, 2009 at 11:18 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>> Good point.  But maybe there's some way of getting some kind of
>> behavior that is closer to lexical scoping/early binding?  Because the
>> way it works right now has lousy security implications, beyond being
>> difficult for search_path management.  Assign a search path to a
>> schema, that applies to views and functions defined therein?
>> *brainstorming*
> Well we already set search_path locally in SECURITY DEFINER functions.
> Normal functions run with the credentials of the caller so that's not
> an issue.

Maybe not for security, but certainly it is for correctness.

> But if a SECURITY DEFINER function calls another function that other
> function will inherit the credentials of the caller so it must inherit
> the search path of the caller as well. So that has to be dynamically
> scoped.
> I'm beginning to understand why Oracle programmers are accustomed to
> setting SECURITY DEFINER everywhere. I think Oracle also knows to
> treat such code as lexically scoped and can bind references when
> loading such code.

Uh... if I'm understanding you correctly, then I'm really hoping we
engineer a better solution for PostgreSQL.


In response to

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2009-05-30 02:39:25
Subject: Re: libpq is not thread safe
Previous:From: Greg StarkDate: 2009-05-30 00:36:20
Subject: Re: search_path improvements WAS: search_path vs extensions

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group