Re: [HACKERS] proposal: session server side variables - Mailing list pgsql-hackers

From Fabien COELHO
Subject Re: [HACKERS] proposal: session server side variables
Date
Msg-id alpine.DEB.2.20.1612261717460.4911@lancre
Whole thread Raw
In response to Re: [HACKERS] proposal: session server side variables  (Pavel Stehule <pavel.stehule@gmail.com>)
Responses Re: [HACKERS] proposal: session server side variables
List pgsql-hackers
> please, can send link?

My badly interpreted PL/SQL example was on the same page you point to 
below:

> so some better documentation
> https://docs.oracle.com/cd/E11882_01/appdev.112/e25519/packages.htm#LNPLS99926

There is a private 'number_hired' which given its name I thought was 
counting the number of employee, but it was just counting the number of 
"hire_employee" calls in the current session... Not very interesting.

> I am sure, so package variables are not shared between sessions/backends

Indeed, I misinterpreted the Oracle documentation example.


>> [ grantable function example to access a private session variable... ]
>
> I am sorry, it is not secure. Theoretically it can work if you have 
> granted order of function calls, but if not?

I'm not sure I understand.

If you do not grant/revoke permissions as you want on the functions, then 
it can be invoked by anybody.

My point is that it is *possible* to tune permissions so as to control 
exactly who may access a private session variable.

That is exactly the same with a grantable session variable if you do not 
have done the necessary grant/revoke, there is no difference?

-- 
Fabien.



pgsql-hackers by date:

Previous
From: Pavel Stehule
Date:
Subject: Re: [HACKERS] proposal: session server side variables
Next
From: Pavel Stehule
Date:
Subject: Re: [HACKERS] proposal: session server side variables