Re: [HACKERS] proposal: session server side variables

>>    DROP VARIABLE super_secret;
>>    CREATE VARIABLE super_secret ...;
>
> But you don't do it in functions - these variables are persistent - you
> don't create it or drop inside functions. The content is secure, so you
> don't need to hide this variable against other.

ISTM that you are still missing my point.

I understood that you want a static analysis tool to re-assure you about 
how your session variables are manipulated. I do not see how such a tool 
can give any assurance without checking that the variable meta-data are 
not changed by some malicious code inserted in a function.

>>
>> I'm not sure that I understand these sentences.
>
>
> so I don't prefer any design that increase a area where plpgsql_check
> should not work.

My assumption is that plpgsql_check can be improved. For instance, I 
assume that if "secure session variables" are added, then it will be 
enhanced to do some checking about these and take them into account. If 
"simple session variables" are added, I assume that it would also be 
updated accordingly.

>> I wrote my notes there.
>>>
>>
>> Great! I restructured a little bit and tried to improve the English. I
>> also added questions when some statement that I think are too optimistic,
>> or are unclear to me.
>
> we have just different perspectives

I'm trying to have sentences that are both clear and true. If I think that 
a sentence is imprecise because it is missing a key hypothesis, then I try 
to improve it, whether it is mine or someone else.

-- 
Fabien.