Re: proposal: session server side variables

2016-12-28 15:38 GMT+01:00 Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>:

>
> For security the variable should be persistent.
>>
>
> Why should they? If it is a session variable, being created when needed or
> used with the right type could be enough?
>

You cannot to trust some fuzzy object - or you have to play hard game with
securing content - hashing, coding, decoding - it is slow, cpu intensive

>
> If you would to do statical analyse (what you usually would), then variable
>> should be persistent.
>>
>
> I do not understand what static analysis you would need/want to do on
> session variables.
>
> Currently the big issue of plpgsql_check is work with temporary tables.
>>
>
> Do you mean that temporary table are too slow/costly?
>

No, I mean so when you use temporary tables inside plpgsql functions, then
the static analyze like plpgsql check is almost impossible.

>
> Local objects or dynamic sql is stop for static check.
>>
>
> Hmm. If something is dynamic, it is not static, but I do not understand
> your point.
>

I cannot to speak instead you, but lot of people prefer static analyze of
code. The static analyze can be done only on static (persistent metadata).
You cannot do it with dynamic (unfixed in schema) objects.

regards

Pavel

>
> --
> Fabien.
>