2016-12-31 18:46 GMT+01:00 Fabien COELHO <coe...@cri.ensmp.fr>:

>
> DROP VARIABLE super_secret;
>>> CREATE VARIABLE super_secret ...;
>>>
>>
>> But you don't do it in functions - these variables are persistent - you
>> don't create or drop them inside functions. The content is secure, so you
>> don't need to hide this variable from others.
>>
>
> ISTM that you are still missing my point.
>
> I understood that you want a static analysis tool to re-assure you about
> how your session variables are manipulated. I do not see how such a tool
> can give any assurance without checking that the variable meta-data are not
> changed by some malicious code inserted in a function.

If you are afraid of this, then just use grep to verify functions that have this code. It is the same as with tables - you can generate them dynamically, but there are risks - similar to using dynamic SQL. Sure, there are exceptions - but there are rules for PL - don't use dynamic SQL if it is not deadly necessary, use SQL security, not your own, ...

>
>>> I'm not sure that I understand these sentences.
>>>
>>
>> so I don't prefer any design that increases an area where plpgsql_check
>> should not work.
>>
>
> My assumption is that plpgsql_check can be improved. For instance, I
> assume that if "secure session variables" are added, then it will be
> enhanced to do some checking about these and take them into account. If
> "simple session variables" are added, I assume that it would also be
> updated accordingly.

In simple session variables there is not any safe point - any authoritative point. Sure, I can do some - I can introduce some hints, etc. - but it is a workaround - nothing more - it is like C development without header files.

>
> I wrote my notes there.
>>>
>>>>
>>> Great! I restructured a little bit and tried to improve the English. I
>>> also added questions where there are some statements that I think are too
>>> optimistic, or are unclear to me.
>>>
>>
>> we just have different perspectives
>>
>
> I'm trying to have sentences that are both clear and true. If I think that
> a sentence is imprecise because it is missing a key hypothesis, then I try
> to improve it, whether it is mine or someone else's.
>
>
> --
> Fabien.
>