Re: SQL-standard function bodies and creating SECURITY DEFINER routines securely

On Fri, Oct 07, 2022 at 09:35:49AM -0400, Bruce Momjian wrote:
> On Fri, Oct 7, 2022 at 08:05:36AM +0000, Erki Eessaar wrote:
> > I confirmed, that setting search_path is indeed sometimes needed in case of
> > SECURITY DEFINER routines that have SQL-standard bodies. See an example at the
> > end of the letter.
> >
> > I suggest the following paragraph to the documentation:
> >
> > Starting from PostgreSQL 14 SQL-standard bodies can be used in SQL-language
> > functions. This form tracks dependencies between the function and objects used
> > in the function body. However, there is still a possibility that such function
> > calls other code that reacts to search path. Thus, as a best practice, SECURITY
> > DEFINER functions with SQL-standard bodies should also override search_path.
>
> I think this gets back to what Noah said about this section not needing
> to explain all the details but rather give general guidance. I am not
> sure adding the reasons for _why_ you should use search path for
> SQL-standard bodies is really adding anything. Noah, is that accurate?

Yes, that's my thinking. It's hard to make objective decisions about how
deeply to cover each topic in the documentation. I'm content with the present
state of this particular section, though.