Search Postgresql Archives

Re: ISSTRICT behavior

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Martijn van Oosterhout wrote:
On Thu, May 04, 2006 at 12:19:12AM -0700, Don Y wrote:
I'm not designing for the "traditional" role that you're
used to so I can do whatever makes sense for this product
and just *define* that as it's behavior.  Since there are
no other products that compete with it, users don't
really have much choice!  :>

You can do what you like, however, it's still not clear to me what you
think the problem is. If you want your functions to be declared STRICT,
provide a .sql file that does that. It you want to program defensivly
and not crash if the user declares the function without STRICT, add:

if( PG_ARGISNULL(...) )
	PG_RETURN_NULL();

But, this means anything that invokes the function has to be
ready to handle a NULL returned *from* this function.

Which has exactly the same effect.

That was my original question.  I don't think it *is* the same.
If you declare STRICT, the function never gets invoked!
If you use PG_ARGISNULL, the function *has* been invoked
and (the subject of another of my questions), all I can do
is issue a message -- but I can't stop the rest of the
execution:

SELECT nonstrict(another(...)) ...

Nonstrict() has been defined to expect an INT (e.g.).
I.e. that's how it *should* be defined.

If another() is misdeclared as not STRICT (because the
user is not the one who wrote the actual *code* for it)
and happens to be invoked with NULL, then it *can*
detect that it has been invoked with NULL (PG_ARGISNULL)
and it can issue an error message.  But, it will have
to return an INT (*not* NULL) otherwise Nonstrict will
complain (crash?) when it sees the NULL *result* from the
another() invocation.

If, instead, another() could see the NULL passed to *it*,
issue an error and then *abort* the "process" that is
running the SELECT...

This would be more in line with how the SELECT would
operate if another() *had* been properly declared as
STRICT yet invoked with NULL!

(Or, have I misunderstood something?)

Ditto:

SELECT another_function(...) + another_function(...)  ...

Of course, users could screw up the
data-types also so you could, if you wanted, add more code to check the
datatypes passed.

Fact is, if the user has superuser priveledges, they can create C
functions any way they like. If you want to protect from that you need
to add stuff to your C function.

I'm not worried about the folks writing the actual C code.
What I am worried about is the folks who use the wrong
.sql to CREATE FUNCTION...

It may be best (for me) to just cut this capability out
completely...


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux