Re: [HACKERS] proposal: session server side variables
From | Fabien COELHO |
---|---|
Subject | Re: [HACKERS] proposal: session server side variables |
Date | |
Msg-id | alpine.DEB.2.20.1612311830090.7802@lancre |
In reply to | Re: [HACKERS] proposal: session server side variables (Pavel Stehule <pavel.stehule@gmail.com>) |
Responses | Re: [HACKERS] proposal: session server side variables |
List | pgsql-hackers |
>> DROP VARIABLE super_secret;
>> CREATE VARIABLE super_secret ...;
>
> But you don't do it in functions - these variables are persistent - you
> don't create it or drop inside functions. The content is secure, so you
> don't need to hide this variable against other.

ISTM that you are still missing my point.

I understood that you want a static analysis tool to re-assure you about how your session variables are manipulated. I do not see how such a tool can give any assurance without checking that the variable meta-data are not changed by some malicious code inserted in a function.

>>
>> I'm not sure that I understand these sentences.
>
>
> so I don't prefer any design that increase a area where plpgsql_check
> should not work.

My assumption is that plpgsql_check can be improved. For instance, I assume that if "secure session variables" are added, then it will be enhanced to do some checking about these and take them into account. If "simple session variables" are added, I assume that it would also be updated accordingly.

>> I wrote my notes there.
>>>
>>
>> Great! I restructured a little bit and tried to improve the English. I
>> also added questions when some statement that I think are too optimistic,
>> or are unclear to me.
>
> we have just different perspectives

I'm trying to have sentences that are both clear and true. If I think that a sentence is imprecise because it is missing a key hypothesis, then I try to improve it, whether it is mine or someone else's.

-- 
Fabien.