| From: | Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr> |
|---|---|
| To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: proposal: session server side variables |
| Date: | 2016-12-26 16:33:18 |
| Message-ID: | alpine.DEB.2.20.1612261717460.4911@lancre |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> please, can send link?
My badly interpreted PL/SQL example was on the same page you point to
below:
> so some better documentation
> https://docs.oracle.com/cd/E11882_01/appdev.112/e25519/packages.htm#LNPLS99926
There is a private 'number_hired' which given its name I thought was
counting the number of employee, but it was just counting the number of
"hire_employee" calls in the current session... Not very interesting.
> I am sure, so package variables are not shared between sessions/backends
Indeed, I misinterpreted the Oracle documentation example.
>> [ grantable function example to access a private session variable... ]
>
> I am sorry, it is not secure. Theoretically it can work if you have
> granted order of function calls, but if not?
I'm not sure I understand.
If you do not grant/revoke permissions as you want on the functions, then
it can be invoked by anybody.
My point is that it is *possible* to tune permissions so as to control
exactly who may access a private session variable.
That is exactly the same with a grantable session variable if you do not
have done the necessary grant/revoke, there is no difference?
--
Fabien.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2016-12-26 16:49:44 | Re: proposal: session server side variables |
| Previous Message | Pavel Stehule | 2016-12-26 16:24:38 | Re: proposal: session server side variables |