Re: proposal: session server side variables

From: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
To: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>
Cc: Craig Ringer <craig(at)2ndquadrant(dot)com>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: proposal: session server side variables
Date: 2016-12-31 18:06:50
Message-ID: CAFj8pRCfftVwNSd2yY3jReuAd7PN5ZmRCEte2TkcH9chXKTSTw@mail.gmail.com
Lists: pgsql-hackers

2016-12-31 18:46 GMT+01:00 Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>:

>
> DROP VARIABLE super_secret;
>>> CREATE VARIABLE super_secret ...;
>>>
>>
>> But you don't do it in functions - these variables are persistent - you
>> don't create or drop them inside functions. The content is secure, so you
>> don't need to hide this variable from others.
>>
>
> ISTM that you are still missing my point.
>
> I understood that you want a static analysis tool to re-assure you about
> how your session variables are manipulated. I do not see how such a tool
> can give any assurance without checking that the variable meta-data are not
> changed by some malicious code inserted in a function.

If you are afraid of this, then just use grep to verify functions that have
this code. It is the same as with tables - you can generate them dynamically,
but there are risks - similar to using dynamic SQL. Sure, there are
exceptions - but there are rules for PL - don't use dynamic SQL if it is not
deadly necessary, use SQL security, not your own, ...

>
>
>
>>> I'm not sure that I understand these sentences.
>>>
>>
>>
>> so I don't prefer any design that increases an area where plpgsql_check
>> should not work.
>>
>
> My assumption is that plpgsql_check can be improved. For instance, I
> assume that if "secure session variables" are added, then it will be
> enhanced to do some checking about these and take them into account. If
> "simple session variables" are added, I assume that it would also be
> updated accordingly.

In simple session variables there is no safe point - no authoritative
point. Sure, I can do something - I can introduce some hints, etc. - but it
is a workaround - nothing more - it is like C development without header
files.

>
>
> I wrote my notes there.
>>>
>>>>
>>>>
>>> Great! I restructured a little bit and tried to improve the English. I
>>> also added questions where I think some statements are too optimistic,
>>> or are unclear to me.
>>>
>>
>> we have just different perspectives
>>
>
> I'm trying to have sentences that are both clear and true. If I think that
> a sentence is imprecise because it is missing a key hypothesis, then I try
> to improve it, whether it is mine or someone else's.

>
>
> --
> Fabien.
>
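
The grep-style check suggested in the reply, together with the dynamic SQL limitation the thread discusses, as an added example that is not part of the original message and not plpgsql_check code. `CREATE VARIABLE` / `DROP VARIABLE` is the proposed syntax quoted in the thread; the function names and bodies are constructed, and the `audit` helper is hypothetical.

```python
import re

# Strip SQL comments so commented-out statements are not reported.
# Simplification: a "--" inside a string literal is also treated as a comment.
_COMMENT = re.compile(r"--[^\n]*|/\*.*?\*/", re.S)
# Static DDL on session variables (syntax as proposed in this thread).
_VAR_DDL = re.compile(r"\b(CREATE|DROP)\s+VARIABLE\s+([A-Za-z_][\w.]*)", re.I)
# PL/pgSQL dynamic SQL: the statement text only exists at run time.
_DYNAMIC = re.compile(r"\bEXECUTE\b", re.I)

def audit(functions):
    """Return {function_name: [finding, ...]} for bodies that need review."""
    report = {}
    for name, body in functions.items():
        code = _COMMENT.sub(" ", body)
        findings = [f"{m.group(1).upper()} VARIABLE {m.group(2)}"
                    for m in _VAR_DDL.finditer(code)]
        if _DYNAMIC.search(code):
            # A text search cannot see what EXECUTE will run, so flag the
            # function for manual review instead of reporting it as clean.
            findings.append("dynamic SQL (EXECUTE): not statically checkable")
        if findings:
            report[name] = findings
    return report

# Constructed function bodies, e.g. as they would be read from pg_proc.prosrc.
SAMPLE = {
    "get_secret": "BEGIN RETURN super_secret; END;",
    "rotate": "BEGIN\n  DROP VARIABLE super_secret;\n"
              "  CREATE VARIABLE super_secret ...;\nEND;",
    "dynamic": "BEGIN\n  EXECUTE 'DROP ' || 'VARIABLE super_secret';\nEND;",
    "noted": "BEGIN\n  -- DROP VARIABLE super_secret;\n  RETURN 1;\nEND;",
}

if __name__ == "__main__":
    for fn, items in audit(SAMPLE).items():
        print(fn, "->", "; ".join(items))
```

The `dynamic` body contains no literal `DROP VARIABLE` text, so a plain grep reports nothing for it; the scan can only mark it as needing review because it uses `EXECUTE`.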
