search

clkao / plv8js-migrated

Automatically exported from code.google.com/p/plv8js
Other
0 stars 0 forks source link

Need separate context per user #10

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Currently we have one global context. But this has been deemed a security issue 
in other PLs because of the possibility of redefinition of global objects 
affecting  Security Definer functions. For PLV8 I think we need a per-user 
context allocated and stashed inside GetGlobalContext().

Original issue reported on code.google.com by AMDuns...@gmail.com on 10 Nov 2011 at 4:12

GoogleCodeExporter commented 9 years ago 
Agree. With your proposal, "this" is going to be private to the function?

Original comment by umi.tan...@gmail.com on 18 Mar 2012 at 7:44

GoogleCodeExporter commented 9 years ago 
I implemented the code to support separate context.  In turn, my code is for 
per function, not per user.  The feature is experimental and need to set guc 
plv8.use_separate_context to on (default to off,) as the performance overhead 
is sometimes too big.

Original comment by umi.tan...@gmail.com on 5 Apr 2012 at 10:22

GoogleCodeExporter commented 9 years ago 
I don't think this is the way to go, for several reasons. 

First, it's unlike what is done in other languages, and I think orthogonality 
would be good. 

Second, it should not be controlled by a GUC. This is a security issue, and we 
should not have a mode where information can leak across roles changes. What we 
should have is a hash of contexts keyed by role id, and switch to the correct 
context for the current role, if necessary creating it first. That will also 
have the side effect that globally saved data per role will simply be visible 
as one would expect.

My proposed startup functionality would be run in each context as it's created 
- in the vast majority of cases that would only be once per backend.

I was intending to work on this, and can undertake it if the design above is 
agreed.

Original comment by AMDuns...@gmail.com on 18 Apr 2012 at 4:37

GoogleCodeExporter commented 9 years ago 
The current GUC is for only trial purpose, and I don't intend to expose it as a 
normal option.  I agree my approach was wrong and should do it your way.  
However, I have another idea around it with the global namespace issue and 
yield function implementation, so you can of course work on it but I'd like to 
see your patch before commit.  Possibly my idea is unrelated topic here, but 
still I'm interested.

Original comment by umi.tan...@gmail.com on 19 Apr 2012 at 8:22

GoogleCodeExporter commented 9 years ago 
I think this is done.

Original comment by umi.tan...@gmail.com on 27 Apr 2012 at 12:56