Re: security_definer_search_path GUC

Joel Jacobson <joel@compiler.org>

From: "Joel Jacobson" <joel@compiler.org>
To: "Pavel Stehule" <pavel.stehule@gmail.com>
Cc: "Marko Tiikkaja" <marko@joh.to>, "PostgreSQL Hackers" <pgsql-hackers@lists.postgresql.org>
Date: 2021-06-01T15:56:43Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Create a new GUC variable search_path to control the namespace search

On Tue, Jun 1, 2021, at 14:41, Pavel Stehule wrote:
> út 1. 6. 2021 v 13:13 odesílatel Joel Jacobson <joel@compiler.org> napsal:
>> __I don't agree. If an extension provides functionality that is supposed to be used by all parts of the system, then I think the 'public' schema is a good choice.
> 
> I disagree
> 
> usual design of extensions (when schema is used) is
> 
> create schema ...
> set schema ...
> 
> create table
> create function
> 
> It is hard to say if it is good or it is bad.

Yes, it's hard, because it's a matter of taste.
Some prefer convenience, others clarity/safety.

> Orafce using my own schema, and some things are in public (and some in pg_catalog), and people don't tell me, so it was a good choice.

I struggle to understand this last sentence.
So you orafce extension installs objects in both public and pg_catalog, right.
But what do you mean with "people don't tell me"?
And what "was a good choice"?

Thanks for explaining.

/Joel