On Fri, May 29, 2009 at 7:53 PM, Greg Stark <[email protected]> wrote:
> On Fri, May 29, 2009 at 11:18 PM, Robert Haas <[email protected]> wrote:
>>
>> Good point. But maybe there's some way of getting some kind of
>> behavior that is closer to lexical scoping/early binding? Because the
>> way it works right now has lousy security implications, beyond being
>> difficult for search_path management. Assign a search path to a
>> schema, that applies to views and functions defined therein?
>> *brainstorming*
>
> Well we already set search_path locally in SECURITY DEFINER functions.
> Normal functions run with the credentials of the caller so that's not
> an issue.

Maybe not for security, but certainly it is for correctness.

> But if a SECURITY DEFINER function calls another function that other
> function will inherit the credentials of the caller so it must inherit
> the search path of the caller as well. So that has to be dynamically
> scoped.
>
> I'm beginning to understand why Oracle programmers are accustomed to
> setting SECURITY DEFINER everywhere. I think Oracle also knows to
> treat such code as lexically scoped and can bind references when
> loading such code.

Uh... if I'm understanding you correctly, then I'm really hoping we
engineer a better solution for PostgreSQL.

...Robert
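Added example, not part of the original message or of PostgreSQL's own code: a constructed psql session showing the dynamic scoping of search_path discussed above, where one ordinary function with an unqualified table reference reads a different table depending on which SECURITY DEFINER wrapper called it. All schema, table and function names are hypothetical, and the whole script rolls back.

```sql
-- Constructed demo; every sp_demo_* name is hypothetical.
BEGIN;

CREATE SCHEMA sp_demo_a;
CREATE SCHEMA sp_demo_b;
CREATE TABLE sp_demo_a.t (label text);
CREATE TABLE sp_demo_b.t (label text);
INSERT INTO sp_demo_a.t VALUES ('row from sp_demo_a.t');
INSERT INTO sp_demo_b.t VALUES ('row from sp_demo_b.t');

-- Ordinary function with an unqualified reference to "t".
-- The name is looked up through search_path when the statement runs,
-- not when the function is created (late binding).
CREATE FUNCTION sp_demo_a.read_t() RETURNS text
LANGUAGE plpgsql AS $$
BEGIN
    RETURN (SELECT label FROM t);
END;
$$;

-- Two SECURITY DEFINER wrappers, each with its own function-local
-- search_path set through the SET clause, pg_temp listed last.
CREATE FUNCTION sp_demo_a.wrapper_a() RETURNS text
LANGUAGE sql SECURITY DEFINER
SET search_path = sp_demo_a, pg_temp
AS $$ SELECT sp_demo_a.read_t() $$;

CREATE FUNCTION sp_demo_a.wrapper_b() RETURNS text
LANGUAGE sql SECURITY DEFINER
SET search_path = sp_demo_b, pg_temp
AS $$ SELECT sp_demo_a.read_t() $$;

-- The wrapper's setting stays in force for everything it calls, so the
-- same read_t() resolves "t" through whichever path its caller set.
SELECT sp_demo_a.wrapper_a();
SELECT sp_demo_a.wrapper_b();

-- Schema-qualifying the reference inside read_t() (sp_demo_a.t) would
-- make the lookup independent of any caller's search_path.
ROLLBACK;
```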
