Re: security_definer_search_path GUC
Julien Rouhaud <rjuju123@gmail.com>
From: Julien Rouhaud <rjuju123@gmail.com>
To: Joel Jacobson <joel@compiler.org>
Cc: Pavel Stehule <pavel.stehule@gmail.com>, Marko Tiikkaja <marko@joh.to>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-06-02T16:58:31Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Create a new GUC variable search_path to control the namespace search
- 838fe25a9532 7.3.1 cited
On Wed, Jun 02, 2021 at 02:46:08PM +0200, Joel Jacobson wrote: > > But perhaps the search_path as an uninstallable extension is a less invasive idea. I don't that that happening any time soon. An extension only adds SQL objects, it doesn't impact backend code. You can ship a module with your extension, but dropping an extension won't unload the module. And if it were then there's the *_preload_libraries that would totally nullify what you want. On top of that, it would also mean that the relation resolving could be changed by any other extension, which seems like a bad idea. > But search_path is not the only problem. I think it's also a problem objects > with the same identifies can be created in both pg_catalog and public. Can we > think of a valid reason why it is a good idea to continue to allow that? In > what real-life scenario is it needed? One somewhat acceptable use case is to replace catalog access with views to give access to some data e.g. some monitoring users. That's less a problem recently with the default roles, but still. There might be others.