Re: security_definer_search_path GUC

Joel Jacobson <joel@compiler.org>

From: "Joel Jacobson" <joel@compiler.org>
To: "David G. Johnston" <david.g.johnston@gmail.com>
Cc: "Pavel Stehule" <pavel.stehule@gmail.com>, "Marko Tiikkaja" <marko@joh.to>, "PostgreSQL Hackers" <pgsql-hackers@lists.postgresql.org>
Date: 2021-06-08T02:48:20Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Create a new GUC variable search_path to control the namespace search

On Mon, Jun 7, 2021, at 23:26, David G. Johnston wrote:
> On Mon, Jun 7, 2021 at 1:55 PM Joel Jacobson <joel@compiler.org> wrote:
>> __
>> If we don't like "UNQUALIFIED" as a keyword, maybe we could reuse "PUBLIC"?
>> Or will that be confusing since "PUBLIC" is also a role_specification?
>> 
> 
> For me the concept resembles explicitly denoting certain schemas as being simple tags, while the actual "namespace" is the GLOBAL namespace.  Today there is no global namespace, all schemas generate their own individual namespace in addition to "tagging" their objects with a textual label.
> 
> 
> Avoiding "public" is highly desirable.
> 
> To access a global object you should be able to still specify its schema tag.  Unqualified means "use search_path"; and "use search_path" includes global.  But there is a truth table waiting to be created to detail what combinations result in errors (including where those errors occur - runtime or creation time).

+1

/Joel