KaiGai Kohei wrote:
> Gregory Stark wrote:
> > KaiGai Kohei <kaigai@kaigai.gr.jp> writes:
> >
> >> I didn't replace the previous implementation blindly, I have a few
> >> reasons that the current one is better than previous one.
> >>
> >> For example, if an input handler has side-effects, what is happen in
> >> the following query?
> >>
> >> SELECT 'valid_but_new_security_label'::regseclabel;
> >>
> >> It looks like a read-only query, but the input handler can insert a new
> >> tuple into pg_security. In addition, the newly inserted tuple may not
> >> be refered any more. It is a waste of spaces.
> >
> > Ooh, and how would we know when to vacuum this label?
>
> It is not necessary, because the number of security labels
> are assumed enough small.
Yep. I agree doing something like regproc makes sense:
test=> \d pg_operator Table "pg_catalog.pg_operator" Column | Type |
Modifiers--------------+---------+-----------oprname | name | not null oprnamespace | oid | not null
oprowner | oid | not null oprkind | "char" | not null oprcanmerge | boolean | not null oprcanhash |
boolean| not null oprleft | oid | not null oprright | oid | not null oprresult | oid | not null
oprcom | oid | not null oprnegate | oid | not null
--> oprcode | regproc | not null
--> oprrest | regproc | not null
--> oprjoin | regproc | not null
but the auto-creation of pg_security rows does make this problematic.
regproc works because it only supports pre-created pg_proc rows.
Can we support two data types, one for read-only and another for
possible creation? That is not going to work for a query like
SELECT * FROM x WHERE col != 'valid_but_new_security_label'::regseclabel;
because the cast would fail if the pg_security row doesn't exist, but
the query itself perhaps might succeed and return rows.
Can we require joins to use pg_security directly? I wish I could think
of some magic that indicated the pg_security row should be created.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +