| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Noah Misch <noah(at)leadboat(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Facility for detecting insecure object naming |
| Date: | 2018-08-15 15:05:06 |
| Message-ID: | CA+TgmoaWYDrO8rva2VPe7UmDH6Uo2UQtsa7sSQ209XQc=LsXNQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Aug 14, 2018 at 4:42 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> So you are saying PG functions should lock down their search path at
> function definition time, and use that for all function invocations?
Yes, mostly. I don't think we can just change the existing behavior;
it would break a catastrophic amount of stuff. But we could add an
optional feature that does this, and encourage people to use it, much
the way Perl continues to support "local" even though "my" has been a
best practice for several decades.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nico Williams | 2018-08-15 15:40:55 | Re: Facility for detecting insecure object naming |
| Previous Message | Robert Haas | 2018-08-15 14:58:54 | Re: C99 compliance for src/port/snprintf.c |