Participants
stan
stan
Adrian Klaver
Adrian Klaver
Attachments
Show all attachments
Thread Outline
#1stanstan
Nov 22, 2019
#2Adrian KlaverAdrian Klaverto stan (#1)
Nov 22, 2019
#3...#4
Adrian Klaverstan
to stan (#1)
Nov 23, 2019
#3Adrian KlaverAdrian Klaverto stan (#1)
Nov 23, 2019
#4stanstanto Adrian Klaver (#3)
Nov 23, 2019

And I thought I had this solved.

Started by stanover 6 years ago4 messagesgeneral
Jump to latest
#1stan
stan
stanb@panix.com

A while back I ran into problems caused by security fix related to the
search path. I wound up adding a line to. for instance, this function:

REATE FUNCTION
work_hours
(
start_date date,
end_date date
)
RETURNS decimal(10,4) stable
language sql as $$

/* workaround for secuirty "feature" */
SET search_path TO ica, "user" , public;

SELECT
sum(case when
extract(isodow from d)
between 1 and 5 then
8.0 else
+0.0 end)
from

generate_series($1,
$2, interval
'24 hours') d;

$$;

And walked away happy, or so I thought. Now I just got this error:

[local] stan@stan=# select * from ttl_avail_hours_by_project_and_employee ;
ERROR: SET is not allowed in a non-volatile function
CONTEXT: SQL function "work_hours" during startup

How can I solve this issue?

--
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
-- Benjamin Franklin

#2Adrian Klaver
Adrian Klaver
adrian.klaver@aklaver.com
In reply to: stan (#1)
Re: And I thought I had this solved.

On 11/22/19 3:52 PM, stan wrote:

A while back I ran into problems caused by security fix related to the
search path. I wound up adding a line to. for instance, this function:

REATE FUNCTION
work_hours
(
start_date date,
end_date date
)
RETURNS decimal(10,4) stable
language sql as $$

/* workaround for secuirty "feature" */
SET search_path TO ica, "user" , public;

SELECT
sum(case when
extract(isodow from d)
between 1 and 5 then
8.0 else
+0.0 end)
from

generate_series($1,
$2, interval
'24 hours') d;

$$;

And walked away happy, or so I thought. Now I just got this error:

[local] stan@stan=# select * from ttl_avail_hours_by_project_and_employee ;
ERROR: SET is not allowed in a non-volatile function
CONTEXT: SQL function "work_hours" during startup

How can I solve this issue?

If the above is the entire function I am not seeing that you need to SET
search_path as there is no object that needs schema qualification. I
would comment it out and run it.

If that fails then set the function volatile.

--
Adrian Klaver
adrian.klaver@aklaver.com

#3Adrian Klaver
Adrian Klaver
adrian.klaver@aklaver.com
In reply to: stan (#1)
Re: And I thought I had this solved.

On 11/22/19 3:52 PM, stan wrote:

A while back I ran into problems caused by security fix related to the
search path. I wound up adding a line to. for instance, this function:

REATE FUNCTION
work_hours
(
start_date date,
end_date date
)
RETURNS decimal(10,4) stable
language sql as $$

/* workaround for secuirty "feature" */
SET search_path TO ica, "user" , public;

SELECT
sum(case when
extract(isodow from d)
between 1 and 5 then
8.0 else
+0.0 end)
from

generate_series($1,
$2, interval
'24 hours') d;

$$;

And walked away happy, or so I thought. Now I just got this error:

[local] stan@stan=# select * from ttl_avail_hours_by_project_and_employee ;
ERROR: SET is not allowed in a non-volatile function
CONTEXT: SQL function "work_hours" during startup

How can I solve this issue?

I thought I was missing something. Third option. As example:

https://www.postgresql.org/docs/11/sql-createfunction.html

Writing
SECURITY DEFINER
Functions Safely

...

$$ LANGUAGE plpgsql
SECURITY DEFINER
-- Set a secure search_path: trusted schema(s), then 'pg_temp'.
SET search_path = admin, pg_temp;

Put the SET outside the function body.
--
Adrian Klaver
adrian.klaver@aklaver.com

#4stan
stan
stanb@panix.com
In reply to: Adrian Klaver (#3)
Re: And I thought I had this solved.

On Fri, Nov 22, 2019 at 04:06:14PM -0800, Adrian Klaver wrote:

On 11/22/19 3:52 PM, stan wrote:

A while back I ran into problems caused by security fix related to the
search path. I wound up adding a line to. for instance, this function:

REATE FUNCTION
work_hours
(
start_date date,
end_date date
)
RETURNS decimal(10,4) stable
language sql as $$

/* workaround for secuirty "feature" */
SET search_path TO ica, "user" , public;

SELECT
sum(case when
extract(isodow from d)
between 1 and 5 then
8.0 else
+0.0 end)
from

generate_series($1,
$2, interval
'24 hours') d;

$$;

And walked away happy, or so I thought. Now I just got this error:

[local] stan@stan=# select * from ttl_avail_hours_by_project_and_employee ;
ERROR: SET is not allowed in a non-volatile function
CONTEXT: SQL function "work_hours" during startup

How can I solve this issue?

I thought I was missing something. Third option. As example:

https://www.postgresql.org/docs/11/sql-createfunction.html

Writing
SECURITY DEFINER
Functions Safely

...

$$ LANGUAGE plpgsql
SECURITY DEFINER
-- Set a secure search_path: trusted schema(s), then 'pg_temp'.
SET search_path = admin, pg_temp;

Put the SET outside the function body.

OH, that seems the cleanest way to do this.

Thanks.

--
"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
-- Benjamin Franklin

← Back to Topics