[postgis-devel] PSC Vote: set schema search_path for select functions

[Sandro Santilli]

On Sun, Mar 15, 2015 at 02:13:24PM -0400, Paragon Corporation wrote:
> I actually don't care so much about enforcing non-relocatability.  The only benefit of doing that is then we can have a single schema to set the search_path and/or we can schema qualify all our PostGIS function calls – which is a big exercise in monotonous labor.  I'd still go with just setting search_path for each function since we can automate that and will be valuable if we DO in future decide to enforce PostGIS installed in schema postgis.

The other benefit is we can trust PostGIS code more, in that it would not
allow for search_path based hijacking. I think it's a worth move.

> The main issue is that whether we go down the path of making it non-relocatable or not, we are still going to have to set the search_path of each function that calls other functions and tables or schema qualify all our calls.

We don't need to tweak search_path if the functions and view implementations
fully qualify the name of accessed objects.

> For example – let's hypothesize we were to enforce postgis be always installed in postgis schema.  If someone puts their data in another schema say public, they still won't be able to restore their data cleanly if they have raster constraints or use ST_Distance (and other functions that call other PostGIS functions)  functions in their materialized views or use postgres_fdw and use distance functions.

That's a job for postgis_restore.pl, we succeeded in converting SRIDs already,
and injecting ST_ prefix, no problem in doing more, IMHO.

--strk;