From: | Fabien COELHO <fabien(dot)coelho(at)mines-paristech(dot)fr> |
---|---|
To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
Cc: | Craig Ringer <craig(at)2ndquadrant(dot)com>, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: proposal: session server side variables |
Date: | 2016-12-29 10:28:11 |
Message-ID: | alpine.DEB.2.20.1612291108400.4911@lancre |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hello Pavel,
> There are two concepts - both can be implemented, and used (can be used
> together).
That is one point I would like to ascertain clearly and explicitely, so
having various designs side by side, eg in the wiki page, would help if
and where they interact.
The second point I am keen on discussing is how the proposed designs
provide a solution to different use cases, and at what cost.
I've added sections about use cases (I have listed 3) and how they could
be supported in the wiki page.
> Both these concepts has some advantage and some disadvantages. It is
> hard to expect, so there is possible full agreement - because everybody
> has different preferences.
Sure.
> I understand so for you can be your proposal more readable, but for me,
> your design of usage and security looks not well.
Yep, there are pros and cons to all proposals. I wish they are listed
somewhere, and possibly discussed, because some pros/cons depends on
some detailed features.
> It is acceptable without PRIVATE flags and similar flags. It is not
> designed be secure.
Indeed. I've taken this point somehow into account and changed my proposal
so that session variables are private by default, and now I'm not even
sure that there should exist public session variables at all...
> (MySQL has nothing similar, I don't know if MSSQL has some, but probably
> not). Ok. We have different priorities. For you is not usual so in one
> session there can be more more times switch of secure context. It is
> usual for me, and for applications what I write.
I have added a section in the wiki to present succintely existing stuff in
other products.
>> Could you put your ideal (final) design proposition on the wiki page?
> yes, I'll do it.
Good!
--
Fabien.
From | Date | Subject | |
---|---|---|---|
Next Message | Fabien COELHO | 2016-12-29 10:42:45 | Re: proposal: session server side variables |
Previous Message | Pavel Stehule | 2016-12-29 09:46:36 | Re: proposal: session server side variables |