Re: proposal: session server side variables

From: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>
To: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: proposal: session server side variables
Date: 2016-12-26 16:33:18
Message-ID: alpine.DEB.2.20.1612261717460.4911@lancre
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers


> please, can send link?

My badly interpreted PL/SQL example was on the same page you point to
below:

> so some better documentation
> https://docs.oracle.com/cd/E11882_01/appdev.112/e25519/packages.htm#LNPLS99926

There is a private 'number_hired' which given its name I thought was
counting the number of employee, but it was just counting the number of
"hire_employee" calls in the current session... Not very interesting.

> I am sure, so package variables are not shared between sessions/backends

Indeed, I misinterpreted the Oracle documentation example.

>> [ grantable function example to access a private session variable... ]
>
> I am sorry, it is not secure. Theoretically it can work if you have
> granted order of function calls, but if not?

I'm not sure I understand.

If you do not grant/revoke permissions as you want on the functions, then
it can be invoked by anybody.

My point is that it is *possible* to tune permissions so as to control
exactly who may access a private session variable.

That is exactly the same with a grantable session variable if you do not
have done the necessary grant/revoke, there is no difference?

--
Fabien.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Pavel Stehule 2016-12-26 16:49:44 Re: proposal: session server side variables
Previous Message Pavel Stehule 2016-12-26 16:24:38 Re: proposal: session server side variables