| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Gregory Stark <stark(at)enterprisedb(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Should creating a new base type require superuser status? |
| Date: | 2008-07-30 22:13:10 |
| Message-ID: | 24287.1217455990@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pljava-dev |
Gregory Stark <stark(at)enterprisedb(dot)com> writes:
> "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
>> Unless you're going to allow them to create new C functions, I'm not
>> clear on how much they're going to be able to change the semantics.
> Well there's plenty that can be done just using text or bytea as
> representations. citext, or uuid for example.
For the sort of look-ma-no-C programming that you seem to be
envisioning, I don't think that real base types are appropriate at all.
What might make sense is to handle it as a domain over some
suitably-generic base type. The thing we'd have to fix to make that
work is the way that the ambiguous-function resolution rules
discriminate against functions that're declared to take domains.
Which is hard, but it seems a lot less likely to lead to weird
security risks than letting untrusted users mess with the details
of base-type operations.
Elein was going to go off in a corner and think about how to make that
work better, but I dunno if she's gotten anywhere yet.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tatsuo Ishii | 2008-07-30 22:57:22 | Re: printing raw parse tree |
| Previous Message | Alvaro Herrera | 2008-07-30 22:07:53 | Re: Should creating a new base type require superuser status? |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Sullivan | 2008-07-31 08:39:47 | Re: Should creating a new base type require superuser status? |
| Previous Message | Alvaro Herrera | 2008-07-30 22:07:53 | Re: Should creating a new base type require superuser status? |