Re: search_path vs extensions

From Robert Haas
Subject Re: search_path vs extensions
Date
Msg-id 603c8f070905291815k48ac29d6w30b3094b59223ffc@mail.gmail.com
In response to Re: search_path vs extensions  (Greg Stark <stark@enterprisedb.com>)
List pgsql-hackers
On Fri, May 29, 2009 at 7:53 PM, Greg Stark <stark@enterprisedb.com> wrote:
> On Fri, May 29, 2009 at 11:18 PM, Robert Haas <robertmhaas@gmail.com> wrote:
>>
>> Good point.  But maybe there's some way of getting some kind of
>> behavior that is closer to lexical scoping/early binding?  Because the
>> way it works right now has lousy security implications, beyond being
>> difficult for search_path management.  Assign a search path to a
>> schema, that applies to views and functions defined therein?
>> *brainstorming*
>
> Well we already set search_path locally in SECURITY DEFINER functions.
> Normal functions run with the credentials of the caller so that's not
> an issue.

Maybe not for security, but certainly it is for correctness.

> But if a SECURITY DEFINER function calls another function that other
> function will inherit the credentials of the caller so it must inherit
> the search path of the caller as well. So that has to be dynamically
> scoped.
>
> I'm beginning to understand why Oracle programmers are accustomed to
> setting SECURITY DEFINER everywhere. I think Oracle also knows to
> treat such code as lexically scoped and can bind references when
> loading such code.

Uh... if I'm understanding you correctly, then I'm really hoping we
engineer a better solution for PostgreSQL.

...Robert
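
The per-function search_path setting discussed in this message, shown as an added example that is not part of the original e-mail or of PostgreSQL's own code: a SECURITY DEFINER function with and without a pinned search_path, followed by a catalog query that lists SECURITY DEFINER functions lacking one. The schema, table and function names are hypothetical.

```sql
-- Added example; "app", "accounts" and both function names are hypothetical.
CREATE SCHEMA app;
CREATE TABLE app.accounts (owner name PRIMARY KEY, balance numeric NOT NULL);

-- Weak form: the unqualified name "accounts" is resolved at call time through
-- whatever search_path the caller's session has, while the body executes with
-- the privileges of the function's owner (dynamic scoping of name lookup).
CREATE FUNCTION app.balance_weak() RETURNS numeric AS $$
BEGIN
    RETURN (SELECT balance FROM accounts WHERE owner = session_user);
END
$$ LANGUAGE plpgsql SECURITY DEFINER;

-- Pinned form: the SET clause replaces the caller's search_path for the
-- duration of the call and restores it on exit. pg_temp is listed last
-- explicitly so that temporary objects are not searched first by default.
CREATE FUNCTION app.balance_pinned() RETURNS numeric AS $$
BEGIN
    RETURN (SELECT balance FROM accounts WHERE owner = session_user);
END
$$ LANGUAGE plpgsql SECURITY DEFINER
   SET search_path = app, pg_temp;

-- Audit: SECURITY DEFINER functions that carry no search_path setting.
-- pg_proc.prosecdef marks SECURITY DEFINER; pg_proc.proconfig holds the
-- function's SET clauses as 'name=value' strings (NULL when there are none).
SELECT n.nspname             AS schema_name,
       p.oid::regprocedure   AS function_signature
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
  AND NOT EXISTS (
        SELECT 1
        FROM unnest(p.proconfig) AS cfg
        WHERE cfg LIKE 'search_path=%');
-- With only the two functions above defined, this returns app.balance_weak().
```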

