On Fri, Nov 22, 2019 at 04:06:14PM -0800, Adrian Klaver wrote:
> On 11/22/19 3:52 PM, stan wrote:
> > A while back I ran into problems caused by security fix related to the
> > search path. I wound up adding a line to. for instance, this function:
> >
> > REATE FUNCTION
> > work_hours
> > (
> > start_date date,
> > end_date date
> > )
> > RETURNS decimal(10,4) stable
> > language sql as $$
> >
> > /* workaround for secuirty "feature" */
> > SET search_path TO ica, "user" , public;
> >
> > SELECT
> > sum(case when
> > extract(isodow from d)
> > between 1 and 5 then
> > 8.0 else
> > +0.0 end)
> > from
> >
> > generate_series($1,
> > $2, interval
> > '24 hours') d;
> >
> > $$;
> >
> > And walked away happy, or so I thought. Now I just got this error:
> >
> > [local] stan@stan=# select * from ttl_avail_hours_by_project_and_employee ;
> > ERROR: SET is not allowed in a non-volatile function
> > CONTEXT: SQL function "work_hours" during startup
> >
> > How can I solve this issue?
>
>
> I thought I was missing something. Third option. As example:
>
> https://www.postgresql.org/docs/11/sql-createfunction.html
>
> Writing
> SECURITY DEFINER
> Functions Safely
>
>
> ...
>
> $$ LANGUAGE plpgsql
> SECURITY DEFINER
> -- Set a secure search_path: trusted schema(s), then 'pg_temp'.
> SET search_path = admin, pg_temp;
>
> Put the SET outside the function body.
OH, that seems the cleanest way to do this.
Thanks.
--
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
-- Benjamin Franklin
