Re: security_definer_search_path GUC

Joel Jacobson <joel@compiler.org>

From: "Joel Jacobson" <joel@compiler.org>
To: "Pavel Stehule" <pavel.stehule@gmail.com>
Cc: "Marko Tiikkaja" <marko@joh.to>, "PostgreSQL Hackers" <pgsql-hackers@lists.postgresql.org>
Date: 2021-06-01T11:12:42Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Create a new GUC variable search_path to control the namespace search

On Tue, Jun 1, 2021, at 12:55, Pavel Stehule wrote:
> 
> 
> út 1. 6. 2021 v 12:53 odesílatel Joel Jacobson <joel@compiler.org> napsal:
>> On Tue, Jun 1, 2021, at 10:44, Pavel Stehule wrote:
>>> Operators use schemas too.  I cannot imagine any work with operators with the necessity of explicit schemas.
>> 
>> I thought operators are mostly installed in the public schema, in which case that wouldn't be a problem, or am I missing something here?
> 
> It is inconsistency - if I use schema for almost all, then can be strange to store operators just to public. 

I don't agree. If an extension provides functionality that is supposed to be used by all parts of the system, then I think the 'public' schema is a good choice.

Using schemas only for the sake of separation, i.e. adding the schemas to the search_path, to make them implicitly available, is IMO an ugly hack, since if just wanting separation without fully-qualifying, then packaging the objects are separate extensions is much cleaner. That way you can easily see what objects are provided by each extension using \dx+.

/Joel