Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w1nHS-000bzq-1L for pgsql-hackers@arkaria.postgresql.org; Sun, 15 Mar 2026 15:21:27 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1w1nHP-004m7d-2r for pgsql-hackers@arkaria.postgresql.org; Sun, 15 Mar 2026 15:21:24 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w1nHP-004m7T-1a for pgsql-hackers@lists.postgresql.org; Sun, 15 Mar 2026 15:21:24 +0000 Received: from mail-yx1-xb133.google.com ([2607:f8b0:4864:20::b133]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1w1nHN-00000000HUz-12Zw for pgsql-hackers@lists.postgresql.org; Sun, 15 Mar 2026 15:21:23 +0000 Received: by mail-yx1-xb133.google.com with SMTP id 956f58d0204a3-64c9c8f8783so4100662d50.1 for ; Sun, 15 Mar 2026 08:21:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1773588079; cv=none; d=google.com; s=arc-20240605; b=XBysbePkR8oHCdLs2TayNieESK2K7wSV4shhNJAnGNHZCRfO+UYukOqay2cSdT3WEM 1zwLElXRnVXaci0QsKuk4CYfCbt89b/5XuNNULdE0pyVCnyB7H4vVEd0Indo89d1KPgv PKFwPC0mk5fVNu3fuo+mxmHx9SkmEJmhQhUi9cpdMMVwwv3X1BNxhA1Hi+YUSx9X7Fao J5HW9zn0Fup/7wm5OmRwRG3gaxrwVz6nV0b1hg8WUSolOw6D3xH8AFiNntvlWBpVMahq urbM+AsY62Y64fBVKDBC5tMksn9jMyQVk+h1N54PkhYlpjY3O4YFtBYnPyIkcCET76SG T3Ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=NGCek5wdOF97WhCmwcIzEqmwMKXr0t8bbeIR4HKRKoQ=; fh=c6tqTbHX+T4NmLYp1fJEJjbMzTsinNUTOQKO/GZaUbM=; b=EuI+NgYCxHIAzY2/Y7U2Ei2/nJkAQftEJeZpPtBBDm3WnmYHjwWF1+pnzB5DffhSJk aZGjSNU0zJL7SRQv0dnB++B/dGvp4YWgcTF5M59I2WSrR5OZV7V+tj5mT8IGVBauWt5g Yc9I3OqRupQm15OzsQ+f2XkviUOit2c3VnJRtQ4qIHOfGHEboYvfy/0/4J5qAx2ql5l9 qYxKQgp0csgoNhaEc7OpaPlihECvA/4bxMSSXMjJUBdSB3/EK9PqmimOP03yA7IWoS6l NZBaTfxcvGMRStVnJ4ruxxr6CHT78nAA3mVtFjQRhihm/6ldUao0Ouec6DcBMS2Mr7Vu gSZQ==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1773588079; x=1774192879; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=NGCek5wdOF97WhCmwcIzEqmwMKXr0t8bbeIR4HKRKoQ=; b=eA7mLhP9bVk7JZxttcD2uMFAusdxsJfbuuFwxIegTb1uXxjLsj5/AaUgcy7MeRh2A5 6XjQw5BJbQGcKLsOvAxbSldyIUSp3QWefKEF8dy1Ge4D2whG0OYpbmCu8PWzftHb6qwD MmbAlpAg+ouCJs1nJv6jLYP4xq4O5kxb67NwRDNaFJ2ePoqYO+Nx4FtFDQf8mopsGLtE CBhWPycKH90DnNwLM4vt60ucgaVFzKuZ8T2WpUV0HcaMK9URfW2MycJpdR7yHKxwJxa0 QFx+nQ/2S9WqdgcQretGyS2w0woYDyCrKTU5nQqpqPDj/Wbr6iVwV1NRX0gBbbm+66vz pLSQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1773588079; x=1774192879; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=NGCek5wdOF97WhCmwcIzEqmwMKXr0t8bbeIR4HKRKoQ=; b=BTqD0xZ8tAwRy2FRTCOpquKG6Ig1exbYD6GOEozAnA5TKkdFujMHcmaS/EPF40Bexc oKDmwB9+DgrVeT3ELB49//IOyBk/Xo56ghJHvrnP6QxZ1Ek0wbRIfGhj7UGmm3uxVSvk ZExP900HlTBxc7vo/7kaevEZikxErwE8KyuISCcuHHpIMLcideSwWYBW0fpNjpM7kM0W MzLT0ZplPdJywReVTdKgBaiDO1Jkjaa/dIfElBXEGZkYOrUZVSrvTh+pOVira64Yl4Xc BKYIt6vzaBAYPLYdbXOGYDUVYUzZpOZfjcpfXOi3YrsBBuCeN6ea6Ns94voarohQOtDS Vt2A== X-Forwarded-Encrypted: i=1; AJvYcCWgLO8lzU03v2QEYwbOiNbwNtMiY2INKWr5M5HzJ/4nZzTMYrFgWsZQ4J68pFfbJQ5cp8DZ27kxtSRC0kIV@lists.postgresql.org X-Gm-Message-State: AOJu0YwcEa3Fb5BXAJV+zO7e2j/R/0gZ8bDPl+wgkmFyxboJsjAaESvA esuYZxlnhkfi7+wmi39OojO/dR+4PZmFv5E0yos1rHBiTybpnssgBH74d+iFPqwU19clyZJAa8E Quzaue3ELs+L4fFw0DCnoNYa6Eyl//hA= X-Gm-Gg: ATEYQzxwYS4vCFWEZHZIAsY2W3Shaj7BLgNgADVA11O76WQ1X8/0CXvyvyRfKNx7Bp9 d5255f+k/aMJJ7culE5+4RYVeeG3kSrukyTr0i7Yy7eNwX3PIs8kbXBVWwcxTSj8KY59rGFqNEE xD4fXLxFFluFPRthBUse2Swb3QUl6+KXfWDlyEYnaoo+gn5mSkz4qHIhX1/EIr4wIv/g8sbMP2S rM3M4jmm0Ft07KR/gaD0MN9uiGCtgK4haQrm2V9OYdTGDEaXsrqQ3kj0MoDXA/qVtUKwUbDRfJY X+EN4o/WVfvf5FzbNrqW1sSkR3INc69n9iin5s+N3CCfIKzXHaSl6FBPlxosassUmuWRhcOA2/j G/F/c4rJqtDIi3S07Cg2Y2WR2VPkIvRusrLv8dys0cnHrntvmeLqlk6EeTw== X-Received: by 2002:a53:4c09:0:b0:64c:cfae:a9c4 with SMTP id 956f58d0204a3-64dc70c6c07mr9516691d50.15.1773588079575; Sun, 15 Mar 2026 08:21:19 -0700 (PDT) MIME-Version: 1.0 References: <2898f090-d9cf-475c-940c-a99da4a308f1@uni-muenster.de> <08052569-9384-41b5-bcb7-33929fcc6c71@uni-muenster.de> <2ba05acc-6392-42a4-b59e-61df086b2d4d@uni-muenster.de> <1d49e214-93bc-4928-945c-27e60251a6ad@uni-muenster.de> <9228b6dc-cfae-4a11-927a-209680f5507e@uni-muenster.de> <2f8ca841-0956-4e7d-8fa2-038b879c8f4d@uni-muenster.de> In-Reply-To: <2f8ca841-0956-4e7d-8fa2-038b879c8f4d@uni-muenster.de> From: Pavel Stehule Date: Sun, 15 Mar 2026 16:20:42 +0100 X-Gm-Features: AaiRm52PRzzJCiGOpVHmw7I7UGB6DiwG_CBxBtsdMYF_dSOR1nvPxYDqlHG-I9M Message-ID: Subject: Re: WIP - xmlvalidate implementation from TODO list To: Jim Jones Cc: Marcos Magueta , Andrey Borodin , Kirill Reshke , PostgreSQL Hackers Content-Type: multipart/alternative; boundary="000000000000760497064d11a710" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000760497064d11a710 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable ne 15. 3. 2026 v 13:58 odes=C3=ADlatel Jim Jones napsal: > Hi Marcos > > On 15/03/2026 05:25, Marcos Magueta wrote: > > I was thinking about the idea of managing the catalogs for read and > > write, and I'm coming around to the idea of predefined roles after all. > > Relying on conventional namespace-level ACLs for this turns out to be > > impractical. With the normal ACL, a schema is object agnostic, so > > there's no clean way to selectively restrict XML schema creation withou= t > > also affecting other objects in the sam enamespace. A simple scenario > > like limiting who can write already gets messy. I did consider RLS on > > the catalog, but that would be unprecedented for a pg_* table and would > > break assumptions throughout the system, like pg_dump, dependency > > tracking, syscache lookups... blah! > > > > That said, I'd like to hear from more people on this before committing > > to an approach, assuming there's still legitimate interest in moving > > this work forward. > > > I guess we can assume that everything added to the official todo list is > of interest for the community -- at least I do :). > > > > On the potential CPU burn from validation: I think in practice it's > > comparable to what you'd get from a complex index, heavy check > > constraint, or trigger function. However, the nature of the input (and = I > > mean the XML schema definitions as plain text here), likely coming from > > the application layer, sets a warrant for extra caution I guess. > > Limiting the depth and size of both the schema and the document being > > validated would reduce compatibility, but goes a long way in preventing > > resource exhaustion, so it's a fairly trivial option to implement. > > > I took the liberty to add Pavel to this thread. He has way more > experience than me in this part of the code, and perhaps he can share > his opinion on the predefined roles for XML schemas and his impressions > on the patch as a whole. > I have no opinion about this now. I need to read both variants. > > Best, Jim > --000000000000760497064d11a710 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


ne 15. 3. 2026 = v=C2=A013:58 odes=C3=ADlatel Jim Jones <jim.jones@uni-muenster.de> napsal:
Hi Marcos

On 15/03/2026 05:25, Marcos Magueta wrote:
> I was thinking about the idea of managing the catalogs for read and > write, and I'm coming around to the idea of predefined roles after= all.
> Relying on conventional namespace-level ACLs for this turns out to be<= br> > impractical. With the normal ACL, a schema is object agnostic, so
> there's no clean way to selectively restrict XML schema creation w= ithout
> also affecting other objects in the sam=C2=A0enamespace. A simple scen= ario
> like limiting who can write already gets messy. I did consider RLS on<= br> > the catalog, but that would be unprecedented for a pg_* table and woul= d
> break assumptions throughout the system, like pg_dump, dependency
> tracking, syscache lookups... blah!
>
> That said, I'd like to hear from more people on this before commit= ting
> to an approach, assuming there's still legitimate interest in movi= ng
> this work forward.


I guess we can assume that everything added to the official todo list is of interest for the community -- at least I do :).


> On the potential CPU burn from validation: I think in practice it'= s
> comparable to what you'd get from a complex index, heavy check
> constraint, or trigger function. However, the nature of the input (and= I
> mean the XML schema definitions as plain text here), likely coming fro= m
> the application layer, sets a warrant for extra caution I guess.
> Limiting the depth and size of both the schema and the document being<= br> > validated would reduce compatibility, but goes a long way in preventin= g
> resource exhaustion, so it's a fairly trivial option to implement.=


I took the liberty to add Pavel to this thread. He has way more
experience than me in this part of the code, and perhaps he can share
his opinion on the predefined roles for XML schemas and his impressions
on the patch as a whole.

I have no opin= ion about this now.=C2=A0 I need to read both variants.

Best, Jim
--000000000000760497064d11a710--