Simon Riggs <[EMAIL PROTECTED]> writes:
> ISTM that SET LOCAL is mostly superceded by per-function parameters.

Mostly, but not entirely.  The case where you still need SET LOCAL is
where the value you want to use locally has to be computed, or where you
need to change it more than once within the function.  Yet in such cases
it'd still be handy to let the SET-clause mechanism deal with the detail
of restoring the caller's value at exit.

There is also a fairly nasty backward-compatibility problem.  Suppose
that security definer function OldSD uses the recommended-up-to-now
method for setting a secure search path, which I quote from the 8.2

        old_path := pg_catalog.current_setting('search_path');

        PERFORM pg_catalog.set_config('search_path', 'admin, pg_temp', true);

        -- Do whatever secure work we came for.

        PERFORM pg_catalog.set_config('search_path', old_path, true);

(The set_config calls are equivalent to SET LOCAL.)  Also suppose that
security definer function NewSD uses the fancy new function-local-
SET-clause method to avoid all that tedious stuff there.  Now suppose
that NewSD calls OldSD.  If SET LOCAL overrides SET-clauses, this

* NewSD saves outer search path and sets its own.
* OldSD saves NewSD's search path, then sets its own with SET LOCAL.
* OldSD restores NewSD's search path using SET LOCAL.
* NewSD tries to restore outer search path, but silently fails
  because SET LOCAL takes precedence.
* We exit to the caller with NewSD's search path still in effect.

This scenario will surely happen in the field, and therefore I argue
that we *must* not allow SET LOCAL's effects to persist beyond the
exit from a surrounding function-local SET clause on the same variable.

I'm not sure what conclusions that leads to for other cases, though.
We don't necessarily have to be consistent between the case where
SET affects a variable and the case where it doesn't.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?


Reply via email to