| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Should we get rid of custom_variable_classes altogether? |
| Date: | 2011-10-03 14:41:48 |
| Message-ID: | 15021.1317652908@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> On 10/03/2011 10:17 AM, Tom Lane wrote:
>> Right. Getting rid of custom_variable_classes should actually make
>> those use-cases easier, since it will eliminate a required setup step.
> So are we going to sanction using this as a poor man's session variable
> mechanism?
People already are doing that, sanctioned or not.
> If so maybe we should at least warn that anything set will be accessible
> by all roles, so security definer functions for example should be wary
> of trusting such values.
Since it's not documented anywhere, I'm not sure where we'd put such
a warning. I think anyone bright enough to think of such a hack should
be able to see the potential downsides, anyway.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dimitri Fontaine | 2011-10-03 14:54:36 | Re: [v9.2] DROP statement reworks |
| Previous Message | Andrew Dunstan | 2011-10-03 14:41:11 | Re: SPI_processed is not set for COPY statement |