public inbox for [email protected]
help / color / mirror / Atom feedFrom: Jim Jones <[email protected]>
To: Marcos Magueta <[email protected]>
Cc: Andrey Borodin <[email protected]>
Cc: Kirill Reshke <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: WIP - xmlvalidate implementation from TODO list
Date: Tue, 6 Jan 2026 12:02:36 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAN3aFCfdGp6TGTQNOVO1im1u2vO_E2jnTGVV2xhea7eNY7GtuQ@mail.gmail.com>
References: <CAN3aFCdx8AapWSVpJ1kaC7OC_v7QwbjgbGw9WfPBBY2GMyOadQ@mail.gmail.com>
<CALdSSPjxLU+zhWx+CgwN+VHoHTso33trY6mse1A6Jks7hWAdrA@mail.gmail.com>
<CAN3aFCesNDiL-iZg4imC0n+NgT3JywqZYkuGH83u8ssLjJ-p5Q@mail.gmail.com>
<CAN3aFCfvVgXr77o=dB_E2kSCY+EgckSQbSBdd_N9n-LauWuQLw@mail.gmail.com>
<CAN3aFCcx_w5Ldb+SYurwd31es9hOJqLuKARQHHDOk7+5iOqBWQ@mail.gmail.com>
<CALdSSPhFzYCp=Aa8AAboz6TQaTmjWciQGfrEJQeOOO+0pD1GGw@mail.gmail.com>
<[email protected]>
<[email protected]>
<[email protected]>
<CAN3aFCfdGp6TGTQNOVO1im1u2vO_E2jnTGVV2xhea7eNY7GtuQ@mail.gmail.com>
Hi Marcos
On 05.01.26 18:49, Marcos Magueta wrote:
> I am tempted to go with a pg_xmlschema definition on the catalog and an
> interface like the one IBM has, but still restricting file access.
> Dealing with the security problems for that sounds excruciating. Any
> opinions?
Perhaps we need to first agree on some foundational aspects such as
design and syntax before going deeper into the code.
== return type ==
Your proposal returns a boolean, but the SQL/XML standard specifies
otherwise. In 6.21 <XML validate>:
"General Rule 8)
The result of <XML validate> is R."
where R is constructed as an XQuery sequence of nodes:
"General Rule 7)
Let R be an XQuery sequence enumerated by Rⱼ, 1 ≤ j ≤ N."
This may sound surprising at first glance, but it enables useful
patterns such as:
INSERT INTO t (c)
VALUES (XMLVALIDATE(x ACCORDING TO XMLSCHEMA s));
SELECT XMLSERIALIZE(
XMLVALIDATE(x ACCORDING TO XMLSCHEMA s)
AS text
);
In this model, validation failure is signaled via an error condition,
not by returning false.
== registered XML schemas ==
AFAICT the standard does not mandate any particular syntax for
registering XML schemas, so we are not required to implement REGISTER
XMLSCHEMA. Also, registered XML schemas must also be manageable objects,
which should be reflected in the proposed syntax. For example:
CREATE XMLSCHEMA foo AS '... XSD text ...';
CREATE XMLSCHEMA foo FROM file;
DROP XMLSCHEMA foo;
ALTER XMLSCHEMA foo RENAME TO bar;
ALTER XMLSCHEMA foo OWNER TO u;
ALTER XMLSCHEMA foo ADD '... new value ...';
and so on...
== permissions ==
Schema registration and usage should be privilege-controlled, for
example via dedicated roles:
GRANT pg_read_xmlschemas TO u;
GRANT pg_write_xmlschemas TO u;
...
After we have the XML schema management aspects figured out, we can move
on to XMLVALIDATE itself.
These are just my opinions. Let's also hear what the other reviewers
have to say before you start working on a v2.
Best, Jim
view thread (10+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: WIP - xmlvalidate implementation from TODO list
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox