Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e7wtf-0007vG-64 for pgsql-hackers@arkaria.postgresql.org; Fri, 27 Oct 2017 05:09:31 +0000 Received: from localhost ([127.0.0.1] helo=postgresql.org) by malur.postgresql.org with smtp (Exim 4.84_2) (envelope-from ) id 1e7wte-0004L6-P5 for pgsql-hackers@arkaria.postgresql.org; Fri, 27 Oct 2017 05:09:30 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1e7wtc-0004Ie-TY for pgsql-hackers@postgresql.org; Fri, 27 Oct 2017 05:09:28 +0000 Received: from mail-wm0-x22e.google.com ([2a00:1450:400c:c09::22e]) by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.84_2) (envelope-from ) id 1e7wtZ-0003Cp-Oe for pgsql-hackers@postgresql.org; Fri, 27 Oct 2017 05:09:28 +0000 Received: by mail-wm0-x22e.google.com with SMTP id p75so1179741wmg.3 for ; Thu, 26 Oct 2017 22:09:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=GHznr0tPDzxWvsZ0yoq6UpcBNSUzQrc6apE4BKWaF/s=; b=oMrR3z71XSxvPp8ujdYIb574XYenMVwI3AzofPeIxog5CfqAU/0ukpw2uXfxpFr1Sr P17IgZ86FMQPOPMvBzX2tVUdjM1CUeYJoofPLL/XKzUOb5vSZZhY++OWVNZfglCZaH5u HnhrlLr0fkxshdGjmnZTm1L9wEyIDAtNcdDUfcILRMKVvVBVbnwQMOIz+u/v4U1ET4eu HHTBB4sP2dqNoAyEIGD/S4RCleujakwhU8lzBjdxoy5fU2G+bfAVjeziO8xhnk5+/xPH eB95yoJfVnwl0O9PXM80t1aZfobysEDC0yOhtwTZBPPPXexidFKTHxcLASqBNy21530J AZRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=GHznr0tPDzxWvsZ0yoq6UpcBNSUzQrc6apE4BKWaF/s=; b=NHQwtklWR6qWO9uZwAXO7Svxz5ijsqa+pnew0xuBpDZrQkSzy5SGeBT0wFIcQbi4ps X4zOR2g8gLpiTTK1tkfQ3MHryFq8PNLHxNDa0C+UbDkzP20UIPPfCUYUmfkRrM6Jn05g MlHUmI8WPIqlTc6qeddhO6cqUB81qyIBq/oXtVPjABI88l27Gat+xckRiWNGPK1SBtPD XYf6tMvX2BghefAqWC8tPDGQpGbyBMbGX6i3XSWt9Pw4UcmR4OhjppMWFgItVU0rQOjO /2+F+rbAsy+9f22FwmbFXwKXT+rA5NO/QpwuDIdKwvIB6C4Kwq16KuF5aoc4ha9Wl6Gj zbEQ== X-Gm-Message-State: AMCzsaU+MunkTP/KjZ7iCN8SoPv6nkohOOD5vB6MQQMbCyylkAZKq3/w PsHh0581MgA6tGe/T50ZGQTC2yeudLLdkpACXng= X-Google-Smtp-Source: ABhQp+QYuOPfcOFkx5t1xaRoFkd8WggPiaBTKA5xvVyanw5CCIIpxnMwxPn82GCzWmiu6n/Ss8+4fVfoZ9dj9EGfqh8= X-Received: by 10.28.218.4 with SMTP id r4mr746360wmg.97.1509080963520; Thu, 26 Oct 2017 22:09:23 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.146.7 with HTTP; Thu, 26 Oct 2017 22:08:43 -0700 (PDT) In-Reply-To: <20171026220732.GI4496@localhost> References: <20171026220732.GI4496@localhost> From: Pavel Stehule Date: Fri, 27 Oct 2017 07:08:43 +0200 Message-ID: Subject: Re: proposal: schema variables To: Nico Williams Cc: PostgreSQL Hackers Content-Type: multipart/alternative; boundary="001a1145ac7ac49b6d055c804ac8" List-Archive: List-Help: List-ID: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mailing-List: pgsql-hackers Precedence: bulk Sender: pgsql-hackers-owner@postgresql.org --001a1145ac7ac49b6d055c804ac8 Content-Type: text/plain; charset="UTF-8" Hi 2017-10-27 0:07 GMT+02:00 Nico Williams : > On Thu, Oct 26, 2017 at 09:21:24AM +0200, Pavel Stehule wrote: > > Comments, notes? > > I like it. > > I would further like to move all of postgresql.conf into the database, > as much as possible, as well as pg_ident.conf and pg_hba.conf. > > Variables like current_user have a sort of nesting context > functionality: calling a SECURITY DEFINER function "pushes" a new value > onto current_user, then when the function returns the new value of > current_user is "popped" and the previous value restored. > My proposal doesn't expecting with nesting, because there is only one scope - schema / session - but I don't think so it is necessary current_user is a function - it is based on parser magic in Postgres. The origin from Oracle uses the feature of ADA language. When function has no parameters then parenthesis are optional. So current_user, current_time are functions current_user(), current_time(). > It might be nice to be able to generalize this. > > Questions that then arise: > > - can one see up the stack? > - are there permissions issues with seeing up the stack? > these variables are pined to schema - so there is not any relation to stack. It is like global variables. Theoretically we can introduce "functional" variables, where the value is based on immediate evaluation of expression. It can be very similar to current current_user. > > > I recently posted proposing a feature such that SECURITY DEFINER > functions could observe the _caller_'s current_user. > your use case is good example - this proposed feature doesn't depend on stack, depends on security context (security context stack) what is super set of call stack Regards Pavel > Nico > -- > --001a1145ac7ac49b6d055c804ac8 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi

2017-10-27 0:07 GMT+02:00 Nico Williams <nico@cryptonector.= com>:
On Thu, Oct 26, 2017 = at 09:21:24AM +0200, Pavel Stehule wrote:
> Comments, notes?

I like it.

I would further like to move all of postgresql.conf into the database,
as much as possible, as well as pg_ident.conf and pg_hba.conf.

Variables like current_user have a sort of nesting context
functionality: calling a SECURITY DEFINER function "pushes" a new= value
onto current_user, then when the function returns the new value of
current_user is "popped" and the previous value restored.

My proposal doesn't expecting with nesting= , because there is only one scope - schema / session - but I don't thin= k so it is necessary

current_user is a functio= n - it is based on parser magic in Postgres. The origin from Oracle uses th= e feature of ADA language. When function has no parameters then parenthesis= are optional. So current_user, current_time are functions current_user(), = current_time().


It might be nice to be able to generalize this.

Questions that then arise:

=C2=A0- can one see up the stack?
=C2=A0- are there permissions issues with seeing up the stack?

these variables are pined to schema - so there is n= ot any relation to stack. It is like global variables.

<= /div>
Theoretically we can introduce "functional" variables, = where the value is based on immediate evaluation of expression. It can be v= ery similar to current current_user.
=C2=A0

I recently posted proposing a feature such that SECURITY DEFINER
functions could observe the _caller_'s current_user.

your use case is good example - this proposed feature doe= sn't depend on stack, depends on security context (security context sta= ck) what is super set of call stack

Regards
<= div>
Pavel



Nico
--

--001a1145ac7ac49b6d055c804ac8--