On Thu, Jun 3, 2021 at 7:30 PM Mark Dilger <mark.dil...@enterprisedb.com> wrote:
> > On Jun 3, 2021, at 9:03 AM, Pavel Stehule <pavel.steh...@gmail.com> > wrote: > > > > I agree so some possibility of locking search_path or possibility to > control who and when can change it can increase security. This should be a > core feature. It's maybe more generic issue - same functionality can be > required for work_mem setting, maybe max_paralel_workers_per_gather, and > other GUC > > Chapman already suggested a mechanism in [1] to allow chaining together > additional validators for GUCs. > > When setting search_path, the check_search_path(char **newval, void > **extra, GucSource source) function is invoked. As I understand Chapman's > proposal, additional validators could be added to any GUC. You could > implement search_path restrictions by defining additional validators that > enforce whatever restriction you like. > > Marko, does his idea sound workable for your needs? I understood your > original proposal as only restricting the value of search_path within > security definer functions. This idea would allow you to restrict it > everywhere, and not tailored to just that context. > Yeah, that would work for my use case just as well. .m
