Re: Prevent extension creation in temporary schemas
| От | Tom Lane |
|---|---|
| Тема | Re: Prevent extension creation in temporary schemas |
| Дата | |
| Msg-id | 9204.1551412372@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Prevent extension creation in temporary schemas (Michael Paquier <michael@paquier.xyz>) |
| Ответы |
Re: Prevent extension creation in temporary schemas
|
| Список | pgsql-hackers |
Michael Paquier <michael@paquier.xyz> writes:
> On Thu, Feb 28, 2019 at 10:13:17AM -0500, Tom Lane wrote:
>> Yeah, I think it's just because we won't search the pg_temp schema
>> for function or operator names, unless the calling SQL command
>> explicitly writes "pg_temp.foo(...)" or equivalent. That's an
>> ancient security decision, which we're unlikely to undo. It
>> certainly puts a crimp in the usefulness of putting extensions into
>> pg_temp, but I don't think it totally destroys the usefulness.
>> You could still use an extension to package, say, the definitions
>> of a bunch of temp tables and views that you need to create often.
> Even with that, it should still be possible to enforce search_path
> within the extension script to allow such objects to be created
> correctly, no? That would be a bit hacky, still for the purpose of
> temp object handling that looks kind of enough to live with when
> creating an extension.
If you're suggesting that we disable that security restriction
during extension creation, I really can't see how that'd be a
good thing ...
regards, tom lane
В списке pgsql-hackers по дате отправления: