| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Chapman Flack <chap(at)anastigmatix(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: pie-in-sky idea: 'sensitive' function parameters |
| Date: | 2020-05-29 19:47:06 |
| Message-ID: | 11348.1590781626@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Fri, May 29, 2020 at 3:26 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> One missing part of that is that we'd need to support bind parameters
>> for utility statements, eg new password in ALTER USER. That's been
>> on the wish list for a long time anyway, of course. I think it's
>> mostly a matter of lack of round tuits, rather than any fundamental
>> problem. (Parameters in transaction control statements might have
>> fundamental problems, but we can just dismiss that as out of scope.)
> I might be wrong, but isn't this, like, a ton of work?
I'm not sure how much work, but yeah, there'd be work to do.
I don't think there are all that many places where we really have
just a string literal (of course, ALTER USER PASSWORD is a poster
child exception). I think a large fraction of the interesting cases are
places where there's some amount of expression eval capability already,
eg parameters in EXECUTE. Syntactically you can already do
execute foo(1, $1 + 2);
and the only part of that that doesn't work is passing in a parameter.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2020-05-29 20:12:40 | Re: Trouble with hashagg spill I/O pattern and costing |
| Previous Message | Robert Haas | 2020-05-29 19:44:29 | Re: Default gucs for EXPLAIN |