Rendezvous variables: safe to pass an access token between two extensions?

From: vaibhave postgres <postgresvaibhave(at)gmail(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Rendezvous variables: safe to pass an access token between two extensions?
Date: 2026-07-09 10:36:58
Message-ID: CAM_eQjy8rG7yExX5JMhA3UKycWfvtw6w-x-SBV+sPmKWAmXvMA@mail.gmail.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi all,

Extension A receives an access token and needs to hand it to extension B,
which publishes a handler function via a rendezvous variable
(find_rendezvous_variable).

Since rendezvous variables are just a global, name-keyed void * with no
notion of who populated the slot, is it safe to pass a sensitive value (the
token) this way? My worry is that another loaded module could register the
same name and receive the token instead of the intended extension B.

Is there a supported way to verify the publisher of a rendezvous variable,
or is there a better way to do this? Any prior art would help.

Thanks.

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andreas Karlsson 2026-07-09 10:44:19 Re: Rendezvous variables: safe to pass an access token between two extensions?
Previous Message Ashutosh Bapat 2026-07-09 09:40:48 Re: [Bug] Add the missing RTE_GRAPH_TABLE case to transformLockingClause()