From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Should we get rid of custom_variable_classes altogether? |
Date: | 2011-10-03 14:41:48 |
Message-ID: | 15021.1317652908@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> On 10/03/2011 10:17 AM, Tom Lane wrote:
>> Right. Getting rid of custom_variable_classes should actually make
>> those use-cases easier, since it will eliminate a required setup step.
> So are we going to sanction using this as a poor man's session variable
> mechanism?
People already are doing that, sanctioned or not.
> If so maybe we should at least warn that anything set will be accessible
> by all roles, so security definer functions for example should be wary
> of trusting such values.
Since it's not documented anywhere, I'm not sure where we'd put such
a warning. I think anyone bright enough to think of such a hack should
be able to see the potential downsides, anyway.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Dimitri Fontaine | 2011-10-03 14:54:36 | Re: [v9.2] DROP statement reworks |
Previous Message | Andrew Dunstan | 2011-10-03 14:41:11 | Re: SPI_processed is not set for COPY statement |