Re: Possible SET SESSION AUTHORIZATION bug

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Chris Ochs" <chris(at)paymentonline(dot)com>
Cc: pgsql-general(at)postgreSQL(dot)org
Subject: Re: Possible SET SESSION AUTHORIZATION bug
Date: 2004-06-22 00:52:53
Message-ID: 8197.1087865573@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

"Chris Ochs" <chris(at)paymentonline(dot)com> writes:
> On my system I get permission denied when I switch to pgtest2 and select *
> from pgtest_func.

What's being cached here is not the authorization, but the table
reference --- that is, the function's SELECT FROM pgtest_table
is resolved as pgtest1.pgtest_table the first time you run it,
and that remains true even though the schema search path is
different during the second call. The permissions failure occurs
because the correct user is trying to access the wrong table,
not wrong user and right table.

There's been some talk of trying to deal with this by associating
cached plans with particular schema search path strings, but no
one's done anything about it yet --- it looks expensive, and it
wouldn't prevent every failure of this sort anyway. Consider
for example that your search path is a,b,c, and on the first time
through "t1" is resolved as "b.t1". Now you create an "a.t1"
and call the function again. The search path is still the same,
so a cache based on checking that would not notice that it ought
to recompile the query.

regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Chris Ochs 2004-06-22 01:09:54 Re: Possible SET SESSION AUTHORIZATION bug
Previous Message Mike G 2004-06-22 00:50:38 Re: PGSQL service dieing...