Re: search_path vs extensions
From | Robert Haas |
---|---|
Subject | Re: search_path vs extensions |
Date | |
Msg-id | 603c8f070905291815k48ac29d6w30b3094b59223ffc@mail.gmail.com |
In response to | Re: search_path vs extensions (Greg Stark <stark@enterprisedb.com>) |
List | pgsql-hackers |
On Fri, May 29, 2009 at 7:53 PM, Greg Stark <stark@enterprisedb.com> wrote:
> On Fri, May 29, 2009 at 11:18 PM, Robert Haas <robertmhaas@gmail.com> wrote:
>>
>> Good point. But maybe there's some way of getting some kind of
>> behavior that is closer to lexical scoping/early binding? Because the
>> way it works right now has lousy security implications, beyond being
>> difficult for search_path management. Assign a search path to a
>> schema, that applies to views and functions defined therein?
>> *brainstorming*
>
> Well we already set search_path locally in SECURITY DEFINER functions.
> Normal functions run with the credentials of the caller so that's not
> an issue.

Maybe not for security, but certainly it is for correctness.

> But if a SECURITY DEFINER function calls another function that other
> function will inherit the credentials of the caller so it must inherit
> the search path of the caller as well. So that has to be dynamically
> scoped.
>
> I'm beginning to understand why Oracle programmers are accustomed to
> setting SECURITY DEFINER everywhere. I think Oracle also knows to
> treat such code as lexically scoped and can bind references when
> loading such code.

Uh... if I'm understanding you correctly, then I'm really hoping we
engineer a better solution for PostgreSQL.

...Robert
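
The scoping behavior discussed in this message, as an added PostgreSQL session that is not part of the original e-mail or of the project's own code: a `SECURITY DEFINER` function pins its `search_path` with a per-function `SET` clause, and a nested helper without its own setting resolves names through whatever path its caller left active. The schema and function names (`app`, `scratch`, `show_path`, `pinned`, `unpinned`) are hypothetical.

```sql
-- Constructed demo; all schema and function names are hypothetical.
CREATE SCHEMA app;
CREATE SCHEMA scratch;

-- Helper with no SET clause: it has no search_path of its own, so it runs
-- under the path that is active at call time (dynamic scoping).
CREATE FUNCTION app.show_path() RETURNS text
LANGUAGE sql
AS $$ SELECT current_setting('search_path') $$;

-- SECURITY DEFINER function with the path pinned for the duration of the
-- call. pg_temp is listed last so temporary objects cannot shadow names
-- that are expected to come from the app schema.
CREATE FUNCTION app.pinned() RETURNS text
LANGUAGE sql
SECURITY DEFINER
SET search_path = app, pg_temp
AS $$ SELECT app.show_path() $$;

-- Same body without a SET clause: the function runs with its owner's
-- privileges but under the caller's search_path.
CREATE FUNCTION app.unpinned() RETURNS text
LANGUAGE sql
SECURITY DEFINER
AS $$ SELECT app.show_path() $$;

-- Session-level path chosen by the caller.
SET search_path = scratch, public;

-- Direct call: the helper reports the session path.
SELECT app.show_path();

-- Nested call under the pinned function: the helper reports the pinned
-- path, because the SET clause stays in effect for everything called
-- inside the function.
SELECT app.pinned();

-- Nested call under the unpinned function: the helper reports the
-- caller-controlled session path again.
SELECT app.unpinned();

-- The pinned value is restored on function exit; the session path is unchanged.
SHOW search_path;
RESET search_path;
```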