Re: security_definer_search_path GUC

út 1. 6. 2021 v 17:57 odesílatel Joel Jacobson <joel(at)compiler(dot)org> napsal:

> On Tue, Jun 1, 2021, at 14:41, Pavel Stehule wrote:
>
> út 1. 6. 2021 v 13:13 odesílatel Joel Jacobson <joel(at)compiler(dot)org> napsal:
>
> I don't agree. If an extension provides functionality that is supposed to
> be used by all parts of the system, then I think the 'public' schema is a
> good choice.
>
>
> I disagree
>
> usual design of extensions (when schema is used) is
>
> create schema ...
> set schema ...
>
> create table
> create function
>
> It is hard to say if it is good or it is bad.
>
>
> Yes, it's hard, because it's a matter of taste.
> Some prefer convenience, others clarity/safety.
>
> Orafce using my own schema, and some things are in public (and some in
> pg_catalog), and people don't tell me, so it was a good choice.
>
>
> I struggle to understand this last sentence.
> So you orafce extension installs objects in both public and pg_catalog,
> right.
> But what do you mean with "people don't tell me"?
> And what "was a good choice"?
>

I learned programming on Orafce, and I didn't expect any success, so I
designed it quickly, and the placing of old Orafce's functions to schemas
is messy.

I am sure, if I started again, I would never use pg_catalog or public
schema. I think if somebody uses schema, then it is good to use schema for
all without exceptions - but it expects usage of search_path. I am not sure
if using public schema or using search_path are two sides of one thing.

Pavel

>
> Thanks for explaining.
>
> /Joel
>