| From: | Marko Tiikkaja <marko(at)joh(dot)to> |
|---|---|
| To: | Joel Jacobson <joel(at)compiler(dot)org> |
| Cc: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: security_definer_search_path GUC |
| Date: | 2021-06-03 15:54:42 |
| Message-ID: | CAL9smLBppOVxa83AM9yNJZs1EZcHfJQBjiExKYnk-tZXvJ4x-g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Jun 3, 2021 at 9:14 AM Joel Jacobson <joel(at)compiler(dot)org> wrote:
> On Thu, Jun 3, 2021, at 00:55, Marko Tiikkaja wrote:
>
> They still show up everywhere when looking at "public". So this is only
> slightly better, and a maintenance burden.
>
>
> Good point. I find this annoying as well sometimes.
>
> It's easy to get a list of all objects for an extension, via \dx+
>
> But it's hard to see what objects in a schema, that are provided by
> different extensions, via e.g. \df public.*
>
> What about adding a new "Extension" column next to "Schema" to the
> relevant commands, such as \df?
>
That's just one part of it. The other part of my original proposal was to
avoid having to SET search_path for all SECURITY DEFINER functions. I
still think either being able to lock search_path or the separate prosecdef
search_path is the best option here.
.m
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2021-06-03 16:03:09 | Re: security_definer_search_path GUC |
| Previous Message | Pavel Stehule | 2021-06-03 15:51:13 | Re: security_definer_search_path GUC |