Re: [proposal] protocol extension to support loadable stream filters

Brent Verner <brent@rcfile.org> writes:
> | I also wonder what happens when
> | the client and server disagree on the meaning of a filter name.

>   How this is any different than saying "...when the client and
> server disagree on the meaning of a ProtocolVersion.", which is
> how ssl support is currently requested/negotiated?

Nonsense.  The ProtocolVersion stuff is documented, fixed, and the same
for every Postgres installation that understands a given version at all.
What you are proposing is an installation-dependent meaning of protocol
(because the meaning of any particular filter name is not standardized).
I cannot see any way that that is a good idea.

>   What am I overlooking?

Cost/benefit.  You have yet to offer even one reason why destandardizing
the protocol is a win.

I am also pretty concerned about the security risks involved.  AFAICS
what you are proposing is that a user who hasn't even authenticated yet,
let alone proven himself to be a superuser, can ask the server to load
in code of uncertain provenance.  The downsides of this are potentially
enormous, and the upsides are ... well ... you didn't actually offer any.

>   I still don't see what additional problems would be created by
> using this StreamFilter API, so I'm going to march on and perhaps
> the problems/difficulties will become apparent ;-)

The stream-filter part is not a bad idea: that would definitely make it
easier to incorporate new capabilities into the standard protocol.
What I'm complaining about is the dynamic-loading part, and the
installation-dependent behavior.  I see no real advantage to either of
those aspects, and lots of risks.
        regards, tom lane