Re: security_definer_search_path GUC - Mailing list pgsql-hackers

From Pavel Stehule
Subject Re: security_definer_search_path GUC
Date
Msg-id CAFj8pRBxX0xL7KuRP6cd0NycZ-GmRJs_YKQsLO2MdqZru1pz7g@mail.gmail.com
Whole thread Raw
In response to Re: security_definer_search_path GUC  ("Joel Jacobson" <joel@compiler.org>)
Responses Re: security_definer_search_path GUC
List pgsql-hackers


út 1. 6. 2021 v 13:13 odesílatel Joel Jacobson <joel@compiler.org> napsal:
On Tue, Jun 1, 2021, at 12:55, Pavel Stehule wrote:


út 1. 6. 2021 v 12:53 odesílatel Joel Jacobson <joel@compiler.org> napsal:
On Tue, Jun 1, 2021, at 10:44, Pavel Stehule wrote:
Operators use schemas too.  I cannot imagine any work with operators with the necessity of explicit schemas.

I thought operators are mostly installed in the public schema, in which case that wouldn't be a problem, or am I missing something here?

It is inconsistency - if I use schema for almost all, then can be strange to store operators just to public.

I don't agree. If an extension provides functionality that is supposed to be used by all parts of the system, then I think the 'public' schema is a good choice.

I disagree

usual design of extensions (when schema is used) is

create schema ...
set schema ...

create table
create function
...

It is hard to say if it is good or it is bad. Orafce using my own schema, and some things are in public (and some in pg_catalog), and people don't tell me, so it was a good choice.

Regards

Pavel


Using schemas only for the sake of separation, i.e. adding the schemas to the search_path, to make them implicitly available, is IMO an ugly hack, since if just wanting separation without fully-qualifying, then packaging the objects are separate extensions is much cleaner. That way you can easily see what objects are provided by each extension using \dx+.

/Joel

pgsql-hackers by date:

Previous
From: Aleksander Alekseev
Date:
Subject: Re: Table AM modifications to accept column projection lists
Next
From: Amit Langote
Date:
Subject: Re: join pushdown and issue with foreign update