From: Ron Johnson
Date: Wed, 22 May 2024 15:12:50 -0400
Subject: Re: search_path wildcard?
To: pgsql-general@lists.postgresql.org
In-Reply-To: <4178924.1716400730@sss.pgh.pa.us>

On Wed, May 22, 2024 at 1:58 PM Tom Lane wrote:

> Ron Johnson writes:
> > That would be a helpful feature for administrators, when there are multiple
> > schemas in multiple databases, on multiple servers: superusers get ALTER
> > ROLE foo SET SEARCH_PATH = '*'; and they're done with it.
>
> ... and they're pwned within five minutes by any user with the wits
> to create a trojan-horse function or operator. Generally speaking,
> you want admins to run with a minimal search path not a maximal one.

Missing tables when running "\t" is a bigger hassle.
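An added example, not part of the original message or of PostgreSQL's own tooling: an audit a DBA can run while connected as an administrative role, to see which schemas on the effective search path accept objects from non-superusers and which roles carry a stored search_path override. The role name foo comes from the thread; the final ALTER ROLE is one illustrative minimal setting, shown as an assumption rather than a recommendation from the thread.

```sql
-- 1. Schemas on this session's effective search_path where a non-superuser
--    role can create objects. Any row means unqualified function, operator
--    or table names used in this session can resolve to an object that
--    role created.
SELECT s.ord       AS path_position,
       s.nspname   AS schema_name,
       r.rolname   AS role_with_create
FROM unnest(current_schemas(true)) WITH ORDINALITY AS s(nspname, ord)
CROSS JOIN pg_roles AS r
WHERE NOT r.rolsuper
  AND has_schema_privilege(r.rolname, s.nspname, 'CREATE')
ORDER BY s.ord, r.rolname;

-- 2. Stored search_path overrides (ALTER ROLE ... SET / ALTER DATABASE ... SET),
--    so broad settings on privileged roles can be reviewed in one place.
SELECT coalesce(r.rolname, '(all roles)')     AS role_name,
       coalesce(d.datname, '(all databases)') AS database_name,
       r.rolsuper                             AS is_superuser,
       cfg                                    AS setting
FROM pg_db_role_setting AS s
CROSS JOIN LATERAL unnest(s.setconfig) AS cfg
LEFT JOIN pg_roles    AS r ON r.oid = s.setrole
LEFT JOIN pg_database AS d ON d.oid = s.setdatabase
WHERE cfg LIKE 'search\_path=%'
ORDER BY role_name, database_name;

-- 3. Illustrative minimal setting for the administrative role from the
--    thread (assumption: the admin is willing to schema-qualify every
--    other object name, e.g. app.orders instead of orders).
ALTER ROLE foo SET search_path = pg_catalog;
```

Query 1 reports privileges as seen from the current database only, so it has to be repeated per database.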