| From: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
|---|---|
| To: | Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr> |
| Cc: | Craig Ringer <craig(at)2ndquadrant(dot)com>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: proposal: session server side variables |
| Date: | 2016-12-30 18:04:56 |
| Message-ID: | CAFj8pRCW9gx85xe5-QV2aVKL-vMgVzmuCktxa+E2is4RxC9rsQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
2016-12-30 18:39 GMT+01:00 Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>:
>
> DECLARE @var EXTERNAL
>>>>
>>>
>>> I do not know what you mean by 'EXTERNAL'.
>>>
>>
>> it means "used as shared in session"
>>
>
> Shared by whom? There is no such thing in the proposal I have made on the
> wiki or in mails. In the proposal variables are private to the role which
> creates them.
shared by functions in session.
>
>
> It is possible to find "some" typos, depending on the code: you can check
>>> that a variable is both assigned and used somewhere, otherwise it is very
>>> probably a typo. Perl does that *statically*, before executing a script.
>>>
>>
>> "Before execution" .. I am speaking "without execution".
>>
>
> Before execution is also without execution. You can run "perl -c" to get
> the warning.
>
> theoretically, if you check all possible functions, you can find some
>> issues - but you have to check all function on server.
>>
>
> Yes, sure. It seems to be the same with your proposal: if a hidden
> function drops and recreates a session variable with a different type, or
> changes its permission, then some static checks are void as well, that is
> life. Also, a SQL function may access and modify the variables
> unexpectedly, that would be missed by a PL/pgSQL analysis tool... There is
> no miracle.
>
>
No - metadata, in my design, are persistent - like tables - so you don't
calculate so any functions can drop a variables. The deployment of secure
variables is same like table deployment. No dynamic there.
> Basically, there may be issues even if static analysis tools says that all
> is well.
>
> Elsewhere you cannot to find typo in DECLARE statement.
>>
>
> Indeed, probably there exists some class of typos that may not be found by
> some static analysis implementations on PL/pgSQL functions which uses basic
> session variables.
>
yes, and I would not to append any new case that cannot be covered by
plpgsql check. Dynamic SQL and our temporal tables are enough issues
already.
>
> By the way, are you planing to contribute to the wiki?
>
> https://wiki.postgresql.org/wiki/Variable_Design
I wrote my notes there.
>
>
> --
> Fabien.
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2016-12-30 19:56:52 | Re: rewrite HeapSatisfiesHOTAndKey |
| Previous Message | David Fetter | 2016-12-30 17:46:40 | Re: [PATCH] Rename pg_switch_xlog to pg_switch_wal |