On Mon, Feb 26, 2024 at 9:13 AM shveta malik <shveta.ma...@gmail.com> wrote:
>
> On Fri, Feb 23, 2024 at 7:41 PM Bertrand Drouvot
> <bertranddrouvot...@gmail.com> wrote:
> >
> > Hi,
> > > I think to set secure search path for remote connection, the standard
> > > approach could be to extend the code in libpqrcv_connect[1], so that we
> > > don't need to schema qualify all the operators in the queries.
> > >
> > > And for local connection, I agree it's also needed to add a
> > > SetConfigOption("search_path", "" call in the slotsync worker.
> > >
> > > [1]
> > > libpqrcv_connect
> > > ...
> > >       if (logical)
> > > ...
> > >               res = libpqrcv_PQexec(conn->streamConn,
> > >                                     ALWAYS_SECURE_SEARCH_PATH_SQL);
> > >
> >
> > Agree, something like in the attached? (it's .txt to not disturb the CF bot).
>
> Thanks for the patch, changes look good. I have incorporated it in the
> patch which addresses the rest of your comments in [1]. I have
> attached the patch as .txt
>

Few comments:
===============
1.
- if (logical)
+ if (logical || !replication)
  {
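
Review bot: at `if (logical || !replication)`, the only combination that still skips this branch is `!logical && replication`. The code comment should name that case explicitly and say why it does not need ALWAYS_SECURE_SEARCH_PATH_SQL, so that a connection type added to this function later is not left on the default search_path by accident.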

Can we add a comment about connection types that require
ALWAYS_SECURE_SEARCH_PATH_SQL?

2.
Can we add a test case to demonstrate that the '=' operator can be
hijacked to do different things when the slotsync worker didn't use
ALWAYS_SECURE_SEARCH_PATH_SQL?

-- 
With Regards,
Amit Kapila.
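
The two hardening options discussed in this thread (pinning search_path for the session versus schema-qualifying every operator), plus an audit query for operators that share a name with a built-in one, as an added example that is not part of the thread or of the patch under review. The query against pg_replication_slots is illustrative only and is not the slotsync worker's actual query.

```sql
-- Added example, not code from the patch.

-- Option A: pin the session's search_path right after connecting.
-- This is the statement that ALWAYS_SECURE_SEARCH_PATH_SQL expands to.
-- pg_catalog is still searched implicitly, so built-in operators resolve,
-- while operators in user-writable schemas are no longer candidates.
SELECT pg_catalog.set_config('search_path', '', false);

-- With the path pinned, an unqualified '=' is safe (illustrative query).
SELECT slot_name
FROM pg_catalog.pg_replication_slots
WHERE slot_type = 'logical';

-- Option B: without pinning, every operator has to be schema-qualified,
-- which is the per-query burden the thread wants to avoid.
SELECT slot_name
FROM pg_catalog.pg_replication_slots
WHERE slot_type OPERATOR(pg_catalog.=) 'logical';

-- Audit: operators outside pg_catalog whose name matches a built-in
-- operator. Extensions such as citext legitimately define some of these,
-- so review owner and implementing function before treating a row as a
-- problem. Run this after Option A so its own '=' and '<>' are trusted.
SELECT n.nspname                               AS schema_name,
       o.oprname                               AS operator_name,
       o.oprleft::pg_catalog.regtype           AS left_type,
       o.oprright::pg_catalog.regtype          AS right_type,
       o.oprcode                               AS implementing_function,
       pg_catalog.pg_get_userbyid(o.oprowner)  AS owner_name
FROM pg_catalog.pg_operator AS o
JOIN pg_catalog.pg_namespace AS n ON n.oid = o.oprnamespace
WHERE n.nspname <> 'pg_catalog'
  AND EXISTS (
        SELECT 1
        FROM pg_catalog.pg_operator AS b
        JOIN pg_catalog.pg_namespace AS bn ON bn.oid = b.oprnamespace
        WHERE bn.nspname = 'pg_catalog'
          AND b.oprname = o.oprname)
ORDER BY n.nspname, o.oprname;
```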

