Received: from malur.postgresql.org ([2a02:16a8:dc51::56])
	by arkaria.postgresql.org with esmtps
 (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.89)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1fsmCv-0000wY-AV
	for pgsql-hackers@arkaria.postgresql.org; Thu, 23 Aug 2018 09:47:13 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.89)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1fsmCt-0002c6-J1
	for pgsql-hackers@arkaria.postgresql.org; Thu, 23 Aug 2018 09:47:11 +0000
Received: from makus.postgresql.org ([2001:4800:1501:1::229])
	by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.89)
	(envelope-from <coelho@cri.ensmp.fr>)
	id 1fsmCt-0002by-8G
	for pgsql-hackers@lists.postgresql.org; Thu, 23 Aug 2018 09:47:11 +0000
Received: from courriel.mines-paristech.fr ([77.158.173.149]
 helo=antispam-1.ensmp.fr)
	by makus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.89)
	(envelope-from <coelho@cri.ensmp.fr>)
	id 1fsmCo-0003Sy-LX
	for pgsql-hackers@lists.postgresql.org; Thu, 23 Aug 2018 09:47:09 +0000
Received: from smtp-5.mines-paristech.fr (smtp.mines-paristech.fr
 [77.158.173.146])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by antispam-1.ensmp.fr (antispam.mines-paristech.fr) with ESMTPS id
 9164A55E27;
	Thu, 23 Aug 2018 11:47:03 +0200 (CEST)
Received: from lancre.home (LFbn-1-3916-164.w86-233.abo.wanadoo.fr
 [86.233.166.164])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp-5.mines-paristech.fr (Postfix) with ESMTPSA id 6223B2015C;
	Thu, 23 Aug 2018 11:47:03 +0200 (CEST)
Date: Thu, 23 Aug 2018 11:46:32 +0200 (CEST)
From: Fabien COELHO <coelho@cri.ensmp.fr>
X-X-Sender: fabien@lancre
To: Pavel Stehule <pavel.stehule@gmail.com>
cc: Gilles Darold <gilles.darold@dalibo.com>,
    PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Subject: Re: [HACKERS] proposal: schema variables
In-Reply-To: 
 <CAFj8pRAcFv09qOcbr09c2AbwZ9DGw5Hs6rPcYoo7r9OLdWWB2A@mail.gmail.com>
Message-ID: <alpine.DEB.2.21.1808231123050.31897@lancre>
References: 
 <CAFj8pRDY+m9OOxfO10R7J0PAkCCauM-TweaTrdsrsLGMb1VbEQ@mail.gmail.com>
 <CAFj8pRBfb-GTZSHSRVTpMzGr26-7e-_RmOmRpmuk+xuDTgC=mA@mail.gmail.com>
 <28924bcc-9242-9798-e4e8-9d83cea3fef6@dalibo.com>
 <CAFj8pRBRxJ09ibuZT+KK3E+vc3-sXAz7HrbW3oVie7FwQRU-uQ@mail.gmail.com>
 <ae98027e-25a7-b229-ffec-b05d68162718@dalibo.com>
 <CAFj8pRATM44F1ugXxTn6aofxOa=3DZbqOJ17=EVyG+CEzsRQvw@mail.gmail.com>
 <CAFj8pRDnoA3J2RM=WZJdYBXEiJUOfDv-gyJmp81Pq93jmrBb5g@mail.gmail.com>
 <CAFj8pRCTz_CRez3vFo_Ta_m=KtOxBGHE9+T1QG3UgRbuURfzjA@mail.gmail.com>
 <CAFj8pRA_jZYuTRHEMsv8CnZLBqmnS5xRjcZh-uf0nBWA7WrzMA@mail.gmail.com>
 <alpine.DEB.2.21.1808211938510.11873@lancre>
 <CAFj8pRCRUpNjX9Fb49SaADbRnCE69ndkOvtoeKxwvxetfJ8=kA@mail.gmail.com>
 <alpine.DEB.2.21.1808220831550.10677@lancre>
 <CAFj8pRCyvx37Fnw6yHdscGbbGo_Ak3WdeKiZ6arFW8JTA099YA@mail.gmail.com>
 <alpine.DEB.2.21.1808230927090.31897@lancre>
 <CAFj8pRAcFv09qOcbr09c2AbwZ9DGw5Hs6rPcYoo7r9OLdWWB2A@mail.gmail.com>
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
X-CLAMAV-SCAN: ok
X-VRSPAM-SCORE: -100
X-VRSPAM-STATE: legit
X-VRSPAM-CAUSE: 
 gggruggvucftvghtrhhoucdtuddrgedtjedrfeefgddukecutefuodetggdotefrucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepfffhvffujgfkfhgfgggtsehttdertddtredvnecuhfhrohhmpefhrggsihgvnhcuvefqgffnjffquceotghovghlhhhosegtrhhirdgvnhhsmhhprdhfrheqnecukfhppeekiedrvdeffedrudeiiedrudeigeenucfrrghrrghmpehmohguvgepshhmthhpohhuth
X-VRSPAM-EXTCAUSE: mhhouggvpehsmhhtphhouhht
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Precedence: bulk


>> Security vs "good enough in some cases" looks bad to me.
>
> We don't find a agreement, because you are concentrated on transation, 
> me on session. And we have different expectations.

I do not understand your point, as usual. I raise a factual issue about 
security, and you do not answer how this can be solved with your proposal, 
but appeal to argument of authority and declare your "strong opinion".

I do not see any intrinsic opposition between having session objects and 
transactions. Nothing prevents a session object to be transactional beyond 
your willingness that it should not be.

Now, I do expect all PostgreSQL features to be security-wise, whatever 
their scope.

I do not think that security should be traded for "cheap & fast", esp as 
the sole use case for a feature is a security pattern that cannot be 
implemented securely with it. This appears to me as a huge contradiction, 
hence my opposition against this feature as proposed.

The good news is that I'm a nobody: if a committer is happy with your 
patch, it will get committed, you do not need my approval.

-- 
Fabien.