| From: | Gregory Stark <stark(at)enterprisedb(dot)com> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | <pgsql-hackers(at)postgreSQL(dot)org> |
| Subject: | Re: Per-function search_path => per-function GUC settings |
| Date: | 2007-09-01 17:48:55 |
| Message-ID: | 87ps12jmyg.fsf@oxford.xeocode.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> I thought about ways to include GUC settings directly into CREATE
> FUNCTION, but it seemed pretty ugly and inconsistent with the
> existing syntax. So I'm thinking of supporting only the above
> syntaxes, meaning it'll take at least two commands to create a secure
> SECURITY DEFINER function.
I think security definer functions should automatically inherit their
search_path. The whole "secure by default" thing.
It might be best to have a guc variable which controls the variables which are
automatically saved. regexp_flavour and maybe a handful of others could be in
it by default. But that might depend on how expensive it is at run-time. I
wouldn't want trivial SQL functions to no longer be inline-able because one
might one day use a regexp for example.
--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-09-01 17:55:06 | Re: Per-function search_path => per-function GUC settings |
| Previous Message | Brendan Jurd | 2007-09-01 17:36:41 | Re: Per-function search_path => per-function GUC settings |