On Fri, 3 Jan 2025 08:34:57 -0700
"David G. Johnston" <david.g.johnston@xxxxxxxxx> wrote:
> On Friday, January 3, 2025, Jan Behrens <jbe-mlist@xxxxxxxxxxxxx> wrote:
> >
> > I would like to know if the above example is correct. It seems overall
> > bulky, but I haven't found a better way, assuming that it can be
> > unknown where a particular extension has been installed to. In
> > particular I feel a bit insecure about where I have to fully qualify,
> > and where not. See the comments in the code above.
>
>
> Short answer, you cannot looking at a definition and know the answer -
> whether the code is going to be executed in a sanitized search_path is what
> matters.
I don't understand. Do you mean my last example is wrong / insecure?
If so, why?
> Anything that would be executed during pg_restore has to be made
> safe. Therefore, code that is only ever executed by applications directly
> can use swarch_path.
Why should the function be executed during pg_restore?
>
> I’d probably modify the function signature to take search_path as a second
> optional argument and then invoke a set search_path within the function.
> At worse the caller can place current_setting(search_path) as the value of
> that argument though being explicit would be recommended.
>
> David J.
I could do that, but I would like to understand if that is really
necessary as it makes the interface more complicated, and I would like
to avoid unnecessary complexity in my interface.
Is it really impossible to have functions without SET search_path in
the definition of a PL/pgSQL function if I fully-qualify all types in
the DECLARE section and if all other non-qualified identifiers occur
after set_config('search_path', ...)?
Kind regards,
Jan Behrens
