Home > mailing lists

Re: Facility for detecting insecure object naming - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: Facility for detecting insecure object naming
Date	August 15, 2018 21:05:06
Msg-id	CA+TgmoaWYDrO8rva2VPe7UmDH6Uo2UQtsa7sSQ209XQc=LsXNQ@mail.gmail.com Whole thread Raw
In response to	Re: Facility for detecting insecure object naming (Bruce Momjian <bruce@momjian.us>)
Responses	Re: Facility for detecting insecure object naming
List	pgsql-hackers

Tree view

On Tue, Aug 14, 2018 at 4:42 PM, Bruce Momjian <bruce@momjian.us> wrote:
> So you are saying PG functions should lock down their search path at
> function definition time, and use that for all function invocations?

Yes, mostly.  I don't think we can just change the existing behavior;
it would break a catastrophic amount of stuff.  But we could add an
optional feature that does this, and encourage people to use it, much
the way Perl continues to support "local" even though "my" has been a
best practice for several decades.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Robert Haas
Date: 15 August 2018, 20:58:54
Subject: Re: C99 compliance for src/port/snprintf.c

From: Nico Williams
Date: 15 August 2018, 21:40:55
Subject: Re: Facility for detecting insecure object naming

Re: Facility for detecting insecure object naming - Mailing list pgsql-hackers

Previous

Next