Re: Loose ends after CVE-2020-14350 (extension installation hazards) - Mailing list pgsql-hackers

From Chapman Flack
Subject Re: Loose ends after CVE-2020-14350 (extension installation hazards)
Msg-id 5F36F1C6.2080307@anastigmatix.net
In response to Re: Loose ends after CVE-2020-14350 (extension installation hazards)  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On 08/14/20 15:38, Tom Lane wrote:

> (3) If the SQL syntax is really just "WITH variable value [, ...]"
> then I'm afraid we're going to have a lot of parse-ambiguity problems
> with wedging full SET syntax into that.  The ability for the righthand

There is precedent in the SET command for having one general syntax
usable for any GUC, and specialized ones for a few 'special' GUCs
(search_path, client_encoding, timezone).

Maybe WITH could be done the same way, inventing some less thorny syntax
for the general case

   WITH (foo = bar, baz), (quux = 42), XMLBINARY BASE64, a AS (SELECT...)

and treating just the few like XMLBINARY that appear in the standard
as having equivalent specialized productions?

The only examples of the syntax in the standard that are coming to mind
right now are those I've seen in the SQL/XML part, but I feel like I have
seen others, as if the committee kind of likes their WITH local-setting-
of-something syntax, and additional examples may continue to appear.

Regards,
-Chap


