Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1ugBzm-00H6sx-G0
	for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Jul 2025 00:45:39 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1ugBzl-002vy6-EL
	for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Jul 2025 00:45:37 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <msdousti@gmail.com>)
	id 1ugBzl-002vxx-3l
	for pgsql-hackers@lists.postgresql.org; Mon, 28 Jul 2025 00:45:37 +0000
Received: from mail-qk1-x72d.google.com ([2607:f8b0:4864:20::72d])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <msdousti@gmail.com>)
	id 1ugBzi-001Cwy-0g
	for pgsql-hackers@postgresql.org;
	Mon, 28 Jul 2025 00:45:37 +0000
Received: by mail-qk1-x72d.google.com with SMTP id
 af79cd13be357-7e346ab53d8so369934185a.0
        for <pgsql-hackers@postgresql.org>;
 Sun, 27 Jul 2025 17:45:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1753663533; x=1754268333;
 darn=postgresql.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=DISTt0353qnEhNkV66jUYpzMBzBIgQCrFbSO0FFo5lg=;
        b=PLa9mvI4meCeqqfs40pZ6TJQOOhwksy9LFhCLzFF5KVlDylbLVumrUUpy0TNYZocIF
         0um0r8shJ7zuLY5/IMAc0L/hUoJ9Iz4Bqua+qD6iB3BuN1W6qgP18xQkut4KzvO4TQtE
         2fGbSS7BfqpwEnJ/mICzckAtI+EZT/GX85xI7agulhkLDShcbmOGp9b75vvSr2Ks0Vmb
         P78dYsB8POHJTcQAukoOC+in75YmDsI8qy74X1z9irmDa+gGN6TVGXgpn+sJulZjW/eU
         QgEjZ4sJ7D6qPlCUaTsu4xdDqROmDC3xzzaj2QewCtXNJhwwnR72SGHQ7wMuag4ZBsLj
         9odA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1753663533; x=1754268333;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=DISTt0353qnEhNkV66jUYpzMBzBIgQCrFbSO0FFo5lg=;
        b=b07oMBWXxWwg9ARWh7rzxb1SHuI/L6Q6DqHyMuvzxnVWSPs9lzN6UdbgA4znUk46rQ
         4sUoQJoC8SscmEQq6/sXO+HWr8LayNIRtFQ2+/YJGzfUBL4CIm8m6OMsIxAV0GdSmNWf
         FGo97Qb1uMnjV/bhbGY0pmKCnQ9ocukK3dobWJFh8+hsLYEiqZ1hJOjzFhrwnKBRsINI
         Xc4V9tlDg6Wzt7wu0X/I4EBiIhptNOVHggSTUw4ez6wygTbUnM2ePpsjbHQMXzwmHzf7
         MjenpluDN3rCRmPXnvTNBkN0RuOi3Rob034p8BlJW22cY73tcCW3/380EY3FqSa6w4Fs
         HOLQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCWvR7TzUhhGzURnHmnTJ78ZBRcYL4TQef1UYTC6vrnaCVlhB+G42EJ5wiuPzxg1cwT9kcFcwBIcDj7Al+n2@postgresql.org
X-Gm-Message-State: AOJu0YzFH5ahg7gTnAYk9VMeCW+yX7zeGwf6ukmnssc68MAve1ukmdPV
	mBJZYzgsiFCNuEIyIJH8Gp6izs7z3fhEUPgCjezvKvTCH/TdOpbwR3Jd59n1P0Kin2GwG7g222q
	J0CiG8UterW/D6Qf0lOtlTZ5I8pq3FoI=
X-Gm-Gg: ASbGncuvqi7lrVmDNZF6VuR6SZl30LxMJDCz0ZUxrn3yqt3TDXwCeFql8wNfsHySw1e
	4EBhX38vsseFWlDp1W6bzRsIzGuDEppXsyXW25BpXCibIdmvz/H0ubOlOEnjJO4giA6eB6mJTl0
	07iZawgdEe51x3Va86iMZYDpkze1vQBM8YeEVPyXghsgp4/sNMWODfgXz45SWzd9HoouVlR/DFP
	aOAbIyzzxk/Y55ib+VehMozreDvv+Cyz6YwWhpkyE65lXPJSA==
X-Google-Smtp-Source: 
 AGHT+IHbMc1a1VQaVNJwvhi79X9rVcho7P5AeT+jykTalApC2x+8gDHwfHdVcGYuDHyolYXK0RhhbTcJ5YnepribVtU=
X-Received: by 2002:ad4:5943:0:b0:707:1eae:17e9 with SMTP id
 6a1803df08f44-7072055ec64mr143410286d6.21.1753663533026; Sun, 27 Jul 2025
 17:45:33 -0700 (PDT)
MIME-Version: 1.0
References: 
 <CAGECzQQzDqDzakBkR71ZkQ1N1ffTjAaruRSqppQAKu3WF+6rNQ@mail.gmail.com>
 <dbd3cc5a5edde04941c8624dde7e4bd2a063f366.camel@j-davis.com>
 <CAGECzQTe3y6xwP9aMbFBCxKnQEEn3G3=cEDqoD5xaOwPwypd_A@mail.gmail.com>
 <CAGECzQTAgtTp3G=Em3xEY=T=uiKfyu5xLYri9By=sfNBS5C_9A@mail.gmail.com>
 <CAKFQuwaT4_n=e0YKBZAyox1CQUra2ka0cySs+3pGZR5p50pn-g@mail.gmail.com>
 <CAGECzQTOJrnnJkmMe9nems0jouiKUbFcEb1rb9kE_svsAZiGQg@mail.gmail.com>
 <585e996c-a5c6-4e61-acc4-d92b7a1458ea@vondra.me>
 <CAGECzQS02M6YPDXemo36tShO-ZYObjqnyTJyVttua1PGyN4xRw@mail.gmail.com>
 <CADE6LvjnX8MbZPSTkrdoRGwf+_q6deNN1+-N_bmjdUgvFNy+fQ@mail.gmail.com>
 <CAKFQuwYceVNWLUcX-OHw68G3d7WUDdDioTvS=ctjg1j2Z-D3ng@mail.gmail.com>
In-Reply-To: 
 <CAKFQuwYceVNWLUcX-OHw68G3d7WUDdDioTvS=ctjg1j2Z-D3ng@mail.gmail.com>
From: Sadeq Dousti <msdousti@gmail.com>
Date: Mon, 28 Jul 2025 02:45:21 +0200
X-Gm-Features: Ac12FXxCFwMJbYfS0C3fBC5PLAV2OkTFXWvLFgwkNqfKEjDaoJjbVu36-2g7pNs
Message-ID: 
 <CADE6Lvh9hBvLJm_X73w+=bo3B9EH9gzM=cGx1AFOsmCEP4Vm5Q@mail.gmail.com>
Subject: Re: Extension security improvement: Add support for extensions with
 an owned schema
To: "David G. Johnston" <david.g.johnston@gmail.com>
Cc: Jelte Fennema-Nio <me@jeltef.nl>, Tomas Vondra <tomas@vondra.me>,
 Jeff Davis <pgsql@j-davis.com>,
	PostgreSQL-development <pgsql-hackers@postgresql.org>,
 "David E. Wheeler" <david@justatheory.com>,
	Artem Gavrilov <artem.gavrilov@percona.com>
Content-Type: multipart/alternative; boundary="000000000000f113a1063af29b3a"
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CADE6Lvh9hBvLJm_X73w%2B%3Dbo3B9EH9gzM%3DcGx1AFOsmCEP4Vm5Q%40mail.gmail.com>
Precedence: bulk

--000000000000f113a1063af29b3a
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

You're absolutely right about the lack of interactivity. I'd still go with
your suggestion of using something along the lines of cascade/force, as
dropping the schema silently can potentially delete the user data.

Bests,
Sadeq

On Mon, Jul 28, 2025, 02:27 David G. Johnston <david.g.johnston@gmail.com>
wrote:

> On Sunday, July 27, 2025, Sadeq Dousti <msdousti@gmail.com> wrote:
>
>>
>> (a) The patch affects DROP EXTENSION in that it drops the schema as well=
,
>> if it's owned by the extension. This needs to be mentioned in the
>> documentation. In addition, an extra confirmation (e.g., "This will drop
>> schema nnnn as well, do you wish to continue?") when dropping the
>> extension might be desired, as the extension schema could contain user
>> data (e.g., pg_cron keeps the jobs and their execution details).
>>
>
> SQL isn=E2=80=99t interactive in this sense.  There isn=E2=80=99t a way t=
o ask =E2=80=9Care you
> sure?=E2=80=9D.  At best the server can refuse to do something unless add=
itional
> options, like =E2=80=9Cforce/cascade=E2=80=9D are present in the command.
>
> David J.
>
>

--000000000000f113a1063af29b3a
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">You&#39;re absolutely right about the lack of interactivi=
ty. I&#39;d still go with your suggestion of using something along the=C2=
=A0lines of cascade/force, as dropping the schema silently can potentially =
delete the user data.=C2=A0<div dir=3D"auto"><br></div><div dir=3D"auto">Be=
sts,=C2=A0</div><div dir=3D"auto">Sadeq=C2=A0</div></div><br><div class=3D"=
gmail_quote gmail_quote_container"><div dir=3D"ltr" class=3D"gmail_attr">On=
 Mon, Jul 28, 2025, 02:27 David G. Johnston &lt;<a href=3D"mailto:david.g.j=
ohnston@gmail.com">david.g.johnston@gmail.com</a>&gt; wrote:<br></div><bloc=
kquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:=
1px solid rgb(204,204,204);padding-left:1ex">On Sunday, July 27, 2025, Sade=
q Dousti &lt;<a href=3D"mailto:msdousti@gmail.com" target=3D"_blank" rel=3D=
"noreferrer">msdousti@gmail.com</a>&gt; wrote:<br><blockquote class=3D"gmai=
l_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,20=
4,204);padding-left:1ex"><div dir=3D"ltr"><br>(a) The patch affects DROP EX=
TENSION in that it drops the schema as well, if it&#39;s owned by the exten=
sion. This needs to be mentioned in the documentation. In addition, an extr=
a confirmation<span class=3D"gmail_default" style=3D"font-family:tahoma,san=
s-serif"> (e.g., &quot;This will drop schema nnnn as well, do you wish to c=
ontinue?&quot;)</span> when dropping the extension might be <span class=3D"=
gmail_default" style=3D"font-family:tahoma,sans-serif"></span>d<span class=
=3D"gmail_default" style=3D"font-family:tahoma,sans-serif">esired</span>, a=
s the extension schema could contain user data (e.g., pg_cron keeps the job=
s and their execution details).<br></div></blockquote><div><br></div><div>S=
QL isn=E2=80=99t interactive in this sense.=C2=A0 There isn=E2=80=99t a way=
 to ask =E2=80=9Care you sure?=E2=80=9D.=C2=A0 At best the server can refus=
e to do something unless additional options, like =E2=80=9Cforce/cascade=E2=
=80=9D are present in the command.</div><div><br></div><div>David J.</div><=
div>=C2=A0</div>
</blockquote></div>

--000000000000f113a1063af29b3a--