| From: | Florian Pflug <fgp(at)phlo(dot)org> |
|---|---|
| To: | Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov> |
| Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Compatibility GUC for serializable |
| Date: | 2011-01-11 11:18:03 |
| Message-ID: | 2167B399-65E1-4B2F-8F8B-6DC28652C566@phlo.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Jan10, 2011, at 23:56 , Kevin Grittner wrote:
>> The proposed GUC would suppress the monitoring in SERIALIZABLE
>> mode and avoid the new serialization failures, thereby providing
>> legacy behavior -- anomalies and all.
>
> After posting that I realized that there's no technical reason that
> such a GUC couldn't be set within each session as desired, as long
> as we disallowed changes after the first snapshot of a transaction
> was acquired. The IsolationIsSerializable() macro could be modified
> to use that along with XactIsoLevel.
From a security point of view, it seems dangerous to allow
such a GUC to be set by non-superusers. It might allow users to
e.g. circumvent some access control scheme by exploiting a race
condition that only exists without true serializability.
The risk of confusion is also much higher if such a thing can be
set per-session.
So, if we need such a GUC at all, which I'm not sure we do, I
believe it should be settable only from postgresql.conf and the
command line.
best regards,
Florian Pflug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jan Urbański | 2011-01-11 11:20:09 | Re: pl/python custom exceptions for SPI |
| Previous Message | Robert Haas | 2011-01-11 11:17:03 | Re: system views for walsender activity |