Re: security_definer_search_path GUC

Pavel Stehule <pavel.stehule@gmail.com>

From: Pavel Stehule <pavel.stehule@gmail.com>
To: Joel Jacobson <joel@compiler.org>
Cc: Isaac Morland <isaac.morland@gmail.com>, Mark Dilger <mark.dilger@enterprisedb.com>, Marko Tiikkaja <marko@joh.to>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, Chapman Flack <chap@anastigmatix.net>
Date: 2021-06-04T06:58:15Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Create a new GUC variable search_path to control the namespace search

Hi


>
> I realise "eliminate" is not really necessary, it would suffice to just
> allow setting a a sane default per database, and make that value immutable,
> then all data structures and code using wouldn't need to change, one would
> then only need to change the code that can mutate search_path, to prevent
> that from happening.
>

I understand that for some specific cases the search_path can be
problematic. On the other hand, the SQL database supports interactive work,
and then the search_path can save a lot of monkey work.

It is the same as using the command line without the possibility to
customize the PATH variable. The advantages and disadvantages are exactly
the same.

Regards

Pavel