Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1ugBiB-00H3HB-Go
	for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Jul 2025 00:27:28 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1ugBi8-002p5s-NY
	for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Jul 2025 00:27:25 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <david.g.johnston@gmail.com>)
	id 1ugBi8-002p4z-BE
	for pgsql-hackers@lists.postgresql.org; Mon, 28 Jul 2025 00:27:24 +0000
Received: from mail-oi1-x236.google.com ([2607:f8b0:4864:20::236])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <david.g.johnston@gmail.com>)
	id 1ugBi5-001CoM-17
	for pgsql-hackers@postgresql.org;
	Mon, 28 Jul 2025 00:27:24 +0000
Received: by mail-oi1-x236.google.com with SMTP id
 5614622812f47-41eaf97416eso2159759b6e.0
        for <pgsql-hackers@postgresql.org>;
 Sun, 27 Jul 2025 17:27:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1753662440; x=1754267240;
 darn=postgresql.org;
        h=cc:to:subject:message-id:date:from:references:in-reply-to
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=yzc99g7of2ztiVg+dJe1iiPoRX7hgFo3ptYbKCDzakg=;
        b=IdRRuGE8FS/RZ2VHhVL+Au2qprU55gr1FiHjG6ZZEk+xgCGzSYnPr9YSLTetaSgUQQ
         mSooT1TkY6+sDflhgYjBrb6+R7BRBtSXinwXA9CuY4MXg+ja6649iZBr0BsZTEhzz0jF
         6/AKbDZQ5MfZtrG4E54G/2aVdZqXm6ceuBtGykVTZ+zwsQ7ZPwV44E89yF5rOcVKLTav
         /6ojVTjy9BczpFOOBUXB+a7YNDmUgVP2Z09OduGxJnMAXFToYYw75SJjHgzlRHSXzVMp
         qit7v8/HGJkUcNHJ6tTMrz5gUpBKhO0+BLh4mj9SlROMyShWEM4rZ7i5CTb0IrIlOpTB
         LkWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1753662440; x=1754267240;
        h=cc:to:subject:message-id:date:from:references:in-reply-to
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=yzc99g7of2ztiVg+dJe1iiPoRX7hgFo3ptYbKCDzakg=;
        b=SqU18vuz6eoJ3A140b3g2W6REFYgfbHtBaX0zAi0FdkTyz4FAfuILbIT1U2GipNp7p
         3NTAMzWVSL4HYRAEl6/bhzq6bdJ/raIeA8xC13HMBRLDZjC3UvaAxBF87CZAGgLYOqGS
         ePVh4hCw+67rk+dluQJbF1AgYhpT6kPhmQoBIkMCabqpRZcvh2AnlUFXn8OjwFOYdMRc
         tQmWirgLGWU5G5cdKouchtSQeI/vStCgl80aqav0qA4H/ler8x96Phua6odlgXDVYlAR
         ypUldDtwO30VlnmyXkN/59dqnBjg5j2eNWqIGGlv5B9S7oNiE3wHTV3fZ1Hue+0h3rjx
         fB/A==
X-Forwarded-Encrypted: i=1;
 AJvYcCWUareu0ASJTWM2OiDP+pO3vOu7IArVY6sNcrsZPrIqkxdci3+c5pnyeDjh72f35TVhfeHuYf/VlY08cKFK@postgresql.org
X-Gm-Message-State: AOJu0Yyg1WZaGT6wpN+BA2ihL0tn4YETMKDViVLAVwDXgvPLVFl9/TRe
	HK3Fc0pMVF3N/jC3EuIy01dPEWt72lp6WVb3YgJfi133YMWhhupOeilbHBluZIKoLNBbomIoc2p
	WbfQTROHAQamsTQRd2hioszVeTUWEIY0=
X-Gm-Gg: ASbGnctQd6sYj3KMwtfAjl+kLeAYv+ZDntlTt+ghe8VkVL2ciZUesSUJ2x+dAzbsS6U
	JwX/3mSHrPbc0zs7TVKg7mwUnXQL1EyvzjsvpV4CNtVLiPRuTfKA0M6t634vXCzBVW2iKXSd00R
	NUZWLjVLxSgZTP0pllQQZ9Zf//cpUs1BkJUn6MyP/QhQwGkER6bta+nZjLTaLAD+lzL4ihIlsY3
	NVEzmE+0Jej5e5UZA==
X-Google-Smtp-Source: 
 AGHT+IH8ky/BaXN8MaNoXOn69zU8w0pzQkb0y/YLoYtteGSXXYYOe+VowSoKhg6+RCzmbHF/uqtgknrPBH96X52k1EQ=
X-Received: by 2002:a05:6808:14c6:b0:41b:e029:bba8 with SMTP id
 5614622812f47-42bb8976968mr5419548b6e.17.1753662439593; Sun, 27 Jul 2025
 17:27:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6802:3296:b0:5da:a024:6db9 with HTTP; Sun, 27 Jul 2025
 17:27:18 -0700 (PDT)
In-Reply-To: 
 <CADE6LvjnX8MbZPSTkrdoRGwf+_q6deNN1+-N_bmjdUgvFNy+fQ@mail.gmail.com>
References: 
 <CAGECzQQzDqDzakBkR71ZkQ1N1ffTjAaruRSqppQAKu3WF+6rNQ@mail.gmail.com>
 <dbd3cc5a5edde04941c8624dde7e4bd2a063f366.camel@j-davis.com>
 <CAGECzQTe3y6xwP9aMbFBCxKnQEEn3G3=cEDqoD5xaOwPwypd_A@mail.gmail.com>
 <CAGECzQTAgtTp3G=Em3xEY=T=uiKfyu5xLYri9By=sfNBS5C_9A@mail.gmail.com>
 <CAKFQuwaT4_n=e0YKBZAyox1CQUra2ka0cySs+3pGZR5p50pn-g@mail.gmail.com>
 <CAGECzQTOJrnnJkmMe9nems0jouiKUbFcEb1rb9kE_svsAZiGQg@mail.gmail.com>
 <585e996c-a5c6-4e61-acc4-d92b7a1458ea@vondra.me>
 <CAGECzQS02M6YPDXemo36tShO-ZYObjqnyTJyVttua1PGyN4xRw@mail.gmail.com>
 <CADE6LvjnX8MbZPSTkrdoRGwf+_q6deNN1+-N_bmjdUgvFNy+fQ@mail.gmail.com>
From: "David G. Johnston" <david.g.johnston@gmail.com>
Date: Sun, 27 Jul 2025 17:27:18 -0700
X-Gm-Features: Ac12FXz0fwOfXiUE3OTSWohi2HmmqLRtbiEpyvxdgzyOW1DKYwPHK5g8gsvzRlI
Message-ID: 
 <CAKFQuwYceVNWLUcX-OHw68G3d7WUDdDioTvS=ctjg1j2Z-D3ng@mail.gmail.com>
Subject: Re: Extension security improvement: Add support for extensions with
 an owned schema
To: Sadeq Dousti <msdousti@gmail.com>
Cc: Jelte Fennema-Nio <me@jeltef.nl>, Tomas Vondra <tomas@vondra.me>,
 Jeff Davis <pgsql@j-davis.com>,
	PostgreSQL-development <pgsql-hackers@postgresql.org>,
 "David E. Wheeler" <david@justatheory.com>,
	Artem Gavrilov <artem.gavrilov@percona.com>
Content-Type: multipart/alternative; boundary="000000000000c49bba063af25a2e"
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CAKFQuwYceVNWLUcX-OHw68G3d7WUDdDioTvS%3Dctjg1j2Z-D3ng%40mail.gmail.com>
Precedence: bulk

--000000000000c49bba063af25a2e
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sunday, July 27, 2025, Sadeq Dousti <msdousti@gmail.com> wrote:

>
> (a) The patch affects DROP EXTENSION in that it drops the schema as well,
> if it's owned by the extension. This needs to be mentioned in the
> documentation. In addition, an extra confirmation (e.g., "This will drop
> schema nnnn as well, do you wish to continue?") when dropping the
> extension might be desired, as the extension schema could contain user
> data (e.g., pg_cron keeps the jobs and their execution details).
>

SQL isn=E2=80=99t interactive in this sense.  There isn=E2=80=99t a way to =
ask =E2=80=9Care you
sure?=E2=80=9D.  At best the server can refuse to do something unless addit=
ional
options, like =E2=80=9Cforce/cascade=E2=80=9D are present in the command.

David J.

--000000000000c49bba063af25a2e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sunday, July 27, 2025, Sadeq Dousti &lt;<a href=3D"mailto:msdousti@gmail=
.com">msdousti@gmail.com</a>&gt; wrote:<br><blockquote class=3D"gmail_quote=
" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><=
div dir=3D"ltr"><br>(a) The patch affects DROP EXTENSION in that it drops t=
he schema as well, if it&#39;s owned by the extension. This needs to be men=
tioned in the documentation. In addition, an extra confirmation<span class=
=3D"gmail_default" style=3D"font-family:tahoma,sans-serif"> (e.g., &quot;Th=
is will drop schema nnnn as well, do you wish to continue?&quot;)</span> wh=
en dropping the extension might be <span class=3D"gmail_default" style=3D"f=
ont-family:tahoma,sans-serif"></span>d<span class=3D"gmail_default" style=
=3D"font-family:tahoma,sans-serif">esired</span>, as the extension schema c=
ould contain user data (e.g., pg_cron keeps the jobs and their execution de=
tails).<br></div></blockquote><div><br></div><div>SQL isn=E2=80=99t interac=
tive in this sense.=C2=A0 There isn=E2=80=99t a way to ask =E2=80=9Care you=
 sure?=E2=80=9D.=C2=A0 At best the server can refuse to do something unless=
 additional options, like =E2=80=9Cforce/cascade=E2=80=9D are present in th=
e command.</div><div><br></div><div>David J.</div><div>=C2=A0</div>

--000000000000c49bba063af25a2e--