Re: security_definer_search_path GUC

út 1. 6. 2021 v 13:13 odesílatel Joel Jacobson <joel(at)compiler(dot)org> napsal:

> On Tue, Jun 1, 2021, at 12:55, Pavel Stehule wrote:
>
>
>
> út 1. 6. 2021 v 12:53 odesílatel Joel Jacobson <joel(at)compiler(dot)org> napsal:
>
> On Tue, Jun 1, 2021, at 10:44, Pavel Stehule wrote:
>
> Operators use schemas too. I cannot imagine any work with operators with
> the necessity of explicit schemas.
>
>
> I thought operators are mostly installed in the public schema, in which
> case that wouldn't be a problem, or am I missing something here?
>
>
> It is inconsistency - if I use schema for almost all, then can be strange
> to store operators just to public.
>
>
> I don't agree. If an extension provides functionality that is supposed to
> be used by all parts of the system, then I think the 'public' schema is a
> good choice.
>

I disagree

usual design of extensions (when schema is used) is

create schema ...
set schema ...

create table
create function
...

It is hard to say if it is good or it is bad. Orafce using my own schema,
and some things are in public (and some in pg_catalog), and people don't
tell me, so it was a good choice.

Regards

Pavel

> Using schemas only for the sake of separation, i.e. adding the schemas to
> the search_path, to make them implicitly available, is IMO an ugly hack,
> since if just wanting separation without fully-qualifying, then packaging
> the objects are separate extensions is much cleaner. That way you can
> easily see what objects are provided by each extension using \dx+.
>
> /Joel
>