| From: | Julien Rouhaud <rjuju123(at)gmail(dot)com> |
|---|---|
| To: | Joel Jacobson <joel(at)compiler(dot)org> |
| Cc: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, Marko Tiikkaja <marko(at)joh(dot)to>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: security_definer_search_path GUC |
| Date: | 2021-06-02 16:58:31 |
| Message-ID: | 20210602165831.ujuxt7e7fgv3vkdx@nol |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Jun 02, 2021 at 02:46:08PM +0200, Joel Jacobson wrote:
>
> But perhaps the search_path as an uninstallable extension is a less invasive idea.
I don't that that happening any time soon. An extension only adds SQL objects,
it doesn't impact backend code. You can ship a module with your extension, but
dropping an extension won't unload the module. And if it were then there's the
*_preload_libraries that would totally nullify what you want.
On top of that, it would also mean that the relation resolving could be changed
by any other extension, which seems like a bad idea.
> But search_path is not the only problem. I think it's also a problem objects
> with the same identifies can be created in both pg_catalog and public. Can we
> think of a valid reason why it is a good idea to continue to allow that? In
> what real-life scenario is it needed?
One somewhat acceptable use case is to replace catalog access with views to
give access to some data e.g. some monitoring users. That's less a problem
recently with the default roles, but still.
There might be others.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2021-06-02 18:39:20 | Re: parent foreign tables and row marks |
| Previous Message | Pavel Stehule | 2021-06-02 16:52:15 | Re: security_definer_search_path GUC |