Re: Extension security improvement: Add support for extensions with an owned schema

From: "David E(dot) Wheeler" <david(at)justatheory(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Jelte Fennema-Nio <me(at)jeltef(dot)nl>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Extension security improvement: Add support for extensions with an owned schema
Date: 2024-06-20 17:00:41
Message-ID: 3E54748A-81CA-49E8-983C-5BFA04486948@justatheory.com
Lists: pgsql-hackers

On Jun 19, 2024, at 11:28, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:

> But I wonder if there might also be another possible approach: could
> we, somehow, prevent object references in extension scripts from
> resolving to anything other than the system catalogs and the contents
> of that extension? Perhaps with a control file setting to specify a
> list of trusted extensions which we're also allowed to reference?

It would also have to allow access to other extensions it depends upon.

D
