Received: from localhost (unknown [200.46.204.183]) by postgresql.org (Postfix) with ESMTP id 47807650344 for ; Wed, 30 Jul 2008 19:13:17 -0300 (ADT) Received: from postgresql.org ([200.46.204.86]) by localhost (mx1.hub.org [200.46.204.183]) (amavisd-maia, port 10024) with ESMTP id 92783-05 for ; Wed, 30 Jul 2008 19:13:09 -0300 (ADT) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from sss.pgh.pa.us (sss.pgh.pa.us [66.207.139.130]) by postgresql.org (Postfix) with ESMTP id B22D7650330 for ; Wed, 30 Jul 2008 19:13:12 -0300 (ADT) Received: from sss2.sss.pgh.pa.us (tgl@localhost [127.0.0.1]) by sss.pgh.pa.us (8.14.2/8.14.2) with ESMTP id m6UMDA6P024288; Wed, 30 Jul 2008 18:13:10 -0400 (EDT) To: Gregory Stark cc: pgsql-hackers@postgresql.org Subject: Re: Should creating a new base type require superuser status? In-reply-to: <87od4fghgd.fsf@oxford.xeocode.com> References: <19715.1217447413@sss.pgh.pa.us> <87sktrgjdj.fsf@oxford.xeocode.com> <23742.1217453388@sss.pgh.pa.us> <87od4fghgd.fsf@oxford.xeocode.com> Comments: In-reply-to Gregory Stark message dated "Wed, 30 Jul 2008 23:01:06 +0100" Date: Wed, 30 Jul 2008 18:13:10 -0400 Message-ID: <24287.1217455990@sss.pgh.pa.us> From: Tom Lane X-Virus-Scanned: Maia Mailguard 1.0.1 X-Spam-Status: No, hits=0 tagged_above=0 required=5 tests=none X-Spam-Level: X-Archive-Number: 200807/1451 X-Sequence-Number: 121711 Gregory Stark writes: > "Tom Lane" writes: >> Unless you're going to allow them to create new C functions, I'm not >> clear on how much they're going to be able to change the semantics. > Well there's plenty that can be done just using text or bytea as > representations. citext, or uuid for example. For the sort of look-ma-no-C programming that you seem to be envisioning, I don't think that real base types are appropriate at all. What might make sense is to handle it as a domain over some suitably-generic base type. The thing we'd have to fix to make that work is the way that the ambiguous-function resolution rules discriminate against functions that're declared to take domains. Which is hard, but it seems a lot less likely to lead to weird security risks than letting untrusted users mess with the details of base-type operations. Elein was going to go off in a corner and think about how to make that work better, but I dunno if she's gotten anywhere yet. regards, tom lane