KaiGai Kohei wrote:
> Gregory Stark wrote:
> > KaiGai Kohei <[email protected]> writes:
> >
> >> I didn't replace the previous implementation blindly, I have a few
> >> reasons that the current one is better than previous one.
> >>
> >> For example, if an input handler has side-effects, what is happen in
> >> the following query?
> >>
> >> SELECT 'valid_but_new_security_label'::regseclabel;
> >>
> >> It looks like a read-only query, but the input handler can insert a new
> >> tuple into pg_security. In addition, the newly inserted tuple may not
> >> be refered any more. It is a waste of spaces.
> >
> > Ooh, and how would we know when to vacuum this label?
>
> It is not necessary, because the number of security labels
> are assumed enough small.
Yep. I agree doing something like regproc makes sense:
test=> \d pg_operator
Table "pg_catalog.pg_operator"
Column | Type | Modifiers
--------------+---------+-----------
oprname | name | not null
oprnamespace | oid | not null
oprowner | oid | not null
oprkind | "char" | not null
oprcanmerge | boolean | not null
oprcanhash | boolean | not null
oprleft | oid | not null
oprright | oid | not null
oprresult | oid | not null
oprcom | oid | not null
oprnegate | oid | not null
--> oprcode | regproc | not null
--> oprrest | regproc | not null
--> oprjoin | regproc | not null
but the auto-creation of pg_security rows does make this problematic.
regproc works because it only supports pre-created pg_proc rows.
Can we support two data types, one for read-only and another for
possible creation? That is not going to work for a query like
SELECT * FROM x WHERE col !=
'valid_but_new_security_label'::regseclabel;
because the cast would fail if the pg_security row doesn't exist, but
the query itself perhaps might succeed and return rows.
Can we require joins to use pg_security directly? I wish I could think
of some magic that indicated the pg_security row should be created.
--
Bruce Momjian <[email protected]> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
