Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tTkry-009lqf-Py for pgsql-general@arkaria.postgresql.org; Fri, 03 Jan 2025 16:49:55 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tTkr0-003Rfb-51 for pgsql-general@arkaria.postgresql.org; Fri, 03 Jan 2025 16:48:53 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tTkqz-003RfS-RD for pgsql-general@lists.postgresql.org; Fri, 03 Jan 2025 16:48:53 +0000 Received: from gaoxing.magnetkern.de ([167.235.225.147]) by magus.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1tTkqy-0003eK-03 for pgsql-general@lists.postgresql.org; Fri, 03 Jan 2025 16:48:53 +0000 Received: from titanium.fritz.box (p200300c26f20ef00264bfefffe54b09c.dip0.t-ipconnect.de [IPv6:2003:c2:6f20:ef00:264b:feff:fe54:b09c]) by gaoxing.magnetkern.de (Postfix) with ESMTPSA id 3AEF373541; Fri, 03 Jan 2025 17:50:05 +0100 (CET) Date: Fri, 3 Jan 2025 17:48:49 +0100 From: Jan Behrens To: "David G. Johnston" Cc: "pgsql-general@lists.postgresql.org" Subject: Re: search_path for PL/pgSQL functions partially cached? Message-Id: <20250103174849.f071d9c6942f76a9b812157c@magnetkern.de> In-Reply-To: References: <20241227205025.1d059f72c7c08d23c9648c26@magnetkern.de> <20241228004009.267f21b78394c934f27f9974@magnetkern.de> <20250103135332.7910a008714abaa04d32e5e2@magnetkern.de> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd14.1) Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, 3 Jan 2025 08:34:57 -0700 "David G. Johnston" wrote: > On Friday, January 3, 2025, Jan Behrens wrote: > > > > I would like to know if the above example is correct. It seems overall > > bulky, but I haven't found a better way, assuming that it can be > > unknown where a particular extension has been installed to. In > > particular I feel a bit insecure about where I have to fully qualify, > > and where not. See the comments in the code above. > > > Short answer, you cannot looking at a definition and know the answer - > whether the code is going to be executed in a sanitized search_path is what > matters. I don't understand. Do you mean my last example is wrong / insecure? If so, why? > Anything that would be executed during pg_restore has to be made > safe. Therefore, code that is only ever executed by applications directly > can use swarch_path. Why should the function be executed during pg_restore? > > I’d probably modify the function signature to take search_path as a second > optional argument and then invoke a set search_path within the function. > At worse the caller can place current_setting(search_path) as the value of > that argument though being explicit would be recommended. > > David J. I could do that, but I would like to understand if that is really necessary as it makes the interface more complicated, and I would like to avoid unnecessary complexity in my interface. Is it really impossible to have functions without SET search_path in the definition of a PL/pgSQL function if I fully-qualify all types in the DECLARE section and if all other non-qualified identifiers occur after set_config('search_path', ...)? Kind regards, Jan Behrens