Re: security_definer_search_path GUC - Mailing list pgsql-hackers

From Joel Jacobson
Subject Re: security_definer_search_path GUC
Date
Msg-id f0637f04-494a-460d-9cea-cf48c22cf24a@www.fastmail.com
Whole thread Raw
In response to Re: security_definer_search_path GUC  ("David G. Johnston" <david.g.johnston@gmail.com>)
List pgsql-hackers
On Mon, Jun 7, 2021, at 23:26, David G. Johnston wrote:
On Mon, Jun 7, 2021 at 1:55 PM Joel Jacobson <joel@compiler.org> wrote:

If we don't like "UNQUALIFIED" as a keyword, maybe we could reuse "PUBLIC"?
Or will that be confusing since "PUBLIC" is also a role_specification?


For me the concept resembles explicitly denoting certain schemas as being simple tags, while the actual "namespace" is the GLOBAL namespace.  Today there is no global namespace, all schemas generate their own individual namespace in addition to "tagging" their objects with a textual label.


Avoiding "public" is highly desirable.

To access a global object you should be able to still specify its schema tag.  Unqualified means "use search_path"; and "use search_path" includes global.  But there is a truth table waiting to be created to detail what combinations result in errors (including where those errors occur - runtime or creation time).

+1

/Joel

pgsql-hackers by date:

Previous
From: Tatsuro Yamada
Date:
Subject: Re: Duplicate history file?
Next
From: Michael Paquier
Date:
Subject: Re: Misplaced superuser check in pg_log_backend_memory_contexts()