Re: [HACKERS] proposal: schema variables
Fabien COELHO <coelho@cri.ensmp.fr>
Commits
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Move WAL sequence code into its own file
- a87987cafca6 19 (unreleased) cited
-
Add ExplainState argument to pg_plan_query() and planner().
- c83ac02ec730 19 (unreleased) cited
-
Don't include access/htup_details.h in executor/tuptable.h
- 1a8b5b11e48a 19 (unreleased) cited
-
Refactor to avoid code duplication in transformPLAssignStmt.
- b0fb2c6aa5a4 19 (unreleased) cited
-
Avoid including commands/dbcommands.h in so many places
- 325fc0ab14d1 19 (unreleased) cited
-
Restrict psql meta-commands in plain-text dumps.
- 71ea0d679543 19 (unreleased) cited
-
Split func.sgml into more manageable pieces
- 4e23c9ef65ac 19 (unreleased) cited
-
Fix squashing algorithm for query texts
- 0f65f3eec478 18.0 cited
-
EXPLAIN: Always use two fractional digits for row counts.
- 95dbd827f2ed 18.0 cited
-
Preliminary refactoring of plpgsql expression construction.
- a654af21ae52 18.0 cited
-
plpgsql: pure parser and reentrant scanner
- 7b27f5fd36cb 18.0 cited
-
Add some sanity checks in executor for query ID reporting
- 24f520594809 18.0 cited
-
Fix misleading error message context
- 4af123ad45bd 18.0 cited
-
Add macros for looping through a List without a ListCell.
- 14dd0f27d7cd 17.0 cited
Hello Pavel L. >> I do not understand your point, as usual. I raise a factual issue about >> security, and you do not answer how this can be solved with your proposal, >> but appeal to argument of authority and declare your "strong opinion". >> >> I do not see any intrinsic opposition between having session objects and >> transactions. Nothing prevents a session object to be transactional beyond >> your willingness that it should not be. >> >> Now, I do expect all PostgreSQL features to be security-wise, whatever >> their scope. >> >> I do not think that security should be traded for "cheap & fast", esp as >> the sole use case for a feature is a security pattern that cannot be >> implemented securely with it. This appears to me as a huge contradiction, >> hence my opposition against this feature as proposed. > > I can't to agree with your position. > > Consider this example. I want to record some inappropriate user actions > to audit table and rollback transaction. But aborting transaction will > also abort record to audit table. So, do not use tables, becouse they > have security implications. Indeed, you cannot record a transaction failure from a transaction. > This is very similar to your approach. I understand that your point is that some use case could require a non transactional session variable. I'm not sure of how the use case would go on though, because once the "attacker" disconnects, the session variable disappears, so it does not record that there was a problem. Anyway, I'm not against having session variables per se. I'm argumenting that there is a good case to have them transactional by default, and possibly an option to have them non transactional if this is really needed by some use case to provide. The only use case put forward by Pavel S. is the security audit one where a session variable stores that audit checks have been performed, which AFAICS cannot be implemented securely with the proposed non transactional session variables. -- Fabien.