Security vs "good enough in some cases" looks bad to me.
We don't find a agreement, because you are concentrated on transation,
me on session. And we have different expectations.
I do not understand your point, as usual. I raise a factual issue about
security, and you do not answer how this can be solved with your proposal,
but appeal to argument of authority and declare your "strong opinion".
I do not see any intrinsic opposition between having session objects and
transactions. Nothing prevents a session object to be transactional beyond
your willingness that it should not be.
Now, I do expect all PostgreSQL features to be security-wise, whatever
their scope.
I do not think that security should be traded for "cheap & fast", esp as
the sole use case for a feature is a security pattern that cannot be
implemented securely with it. This appears to me as a huge contradiction,
hence my opposition against this feature as proposed.
The good news is that I'm a nobody: if a committer is happy with your
patch, it will get committed, you do not need my approval.
--
Fabien.
