Re: [v9.2] Fix Leaky View Problem - Mailing list pgsql-hackers

From Kohei KaiGai
Subject Re: [v9.2] Fix Leaky View Problem
Date
Msg-id CADyhKSX8gZPUZEXoiUmj84TnXNuzWQbPKTM8_9Dj9scu-kx5mg@mail.gmail.com
Whole thread Raw
In response to Re: [v9.2] Fix Leaky View Problem  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: [v9.2] Fix Leaky View Problem
List pgsql-hackers
2011/9/7 Tom Lane <tgl@sss.pgh.pa.us>:
> Noah Misch <noah@leadboat.com> writes:
>> I liked NOLEAKY for its semantics, though I probably would have spelled it
>> "LEAKPROOF".  PostgreSQL will trust the function to implement a specific,
>> relatively-unintuitive security policy.  We want the function implementers to
>> read that policy closely and not rely on any intuition they have about the
>> "trusted" term of art.  Our use of TRUSTED in CREATE LANGUAGE is more
>> conventional, I think, as is the trusted nature of SECURITY DEFINER.  In that
>> vein, folks who actually need SECURITY DEFINER might first look at TRUSTED;
>> NOLEAKY would not attract the same unwarranted attention.
>
> I agree that TRUSTED is a pretty bad choice here because of the high
> probability that people will think it means something else than what
> it really means.  LEAKPROOF isn't too bad.
>
It seems to me LEAKPROOF is never confusable for everyone, and
no conflicts with other concept, although it was not in my vocaburary.

If no better idea anymore, I'll submit the patch again; with LEAKPROOF keyword.

Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>


pgsql-hackers by date:

Previous
From: Dave Cramer
Date:
Subject: Re: error building head on OS X 10.7.1
Next
From: Andrew Dunstan
Date:
Subject: Re: [v9.2] Fix Leaky View Problem